39 matches found
EUVD-2026-1572
When using the CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...
EUVD-2026-1174
A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...
EUVD-2026-1209
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
EUVD-2026-0087
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0113
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0231
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0407
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0462
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0570
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0606
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0637
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-205306
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
EUVD-2025-204827
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
EUVD-2025-203624
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...
EUVD-2025-203425
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server...
EUVD-2025-203411
TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...
EUVD-2025-202383
Not used...
EUVD-2025-198206
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...
EUVD-2025-37697
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data...