EUVD-2026-4367

Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through = 2.0.0...

EUVD-2026-4012

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3..4...

EUVD-2026-4044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

EUVD-2026-4171

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...

EUVD-2026-3356

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

EUVD-2026-3433

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

EUVD-2026-3326

NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...

EUVD-2026-2984

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

EUVD-2026-2500

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

EUVD-2026-2213

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

EUVD-2026-1763

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection...

EUVD-2026-1301

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1802.11 modules allows an adjacent attacker to cause a denial-of-service DoS by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914...

EUVD-2026-0118

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0375

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0587

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0598

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0682

A cross-site scripting XSS vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...