EUVD-2025-204728

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

EUVD-2025-204283

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

EUVD-2025-203624

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...

EUVD-2025-203411

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

EUVD-2025-203420

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability...

EUVD-2025-203425

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server...

EUVD-2025-202383

Not used...

EUVD-2025-198206

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

EUVD-2025-198209

The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...

EUVD-2025-136045

Malicious code in itale-dci-rfsrgget npm...

EUVD-2025-131948

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

EUVD-2025-147492

Malicious code in trevora-kkisa-cir7 npm...

EUVD-2025-90382

Malicious code in lisa-empal70-miaww npm...

EUVD-2025-68264

Malicious code in riana-kue51-ruro npm...

EUVD-2025-63493

Malicious code in integratedanacondaz3n npm...

EUVD-2025-57682

Malicious code in qori-dodol83-sluey npm...

EUVD-2025-46334

Malicious code in moderncondorz3n npm...

EUVD-2025-37605

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

EUVD-2025-37633

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data...

EUVD-2025-37697

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data...