EUVD-2026-1577

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data.This issue affects NextGEN Download Gallery: from n/a through = 1.6.2...

EUVD-2026-1544

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through 2.0.19...

EUVD-2026-1433

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...

EUVD-2026-1456

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...

EUVD-2026-1554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through = 2.5.0...

EUVD-2026-1430

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through = 2.0...

EUVD-2026-1526

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

EUVD-2026-1556

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through 3.0.3...

EUVD-2026-1558

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through = 2.1.0...

EUVD-2026-1559

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...

EUVD-2026-1536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through = 2.1.4...

EUVD-2026-1586

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

EUVD-2026-1450

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script...

EUVD-2026-1505

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated...

EUVD-2026-1446

KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...

EUVD-2026-1168

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a fixed-size stack buff...

EUVD-2026-1175

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

EUVD-2026-1176

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

EUVD-2026-1203

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...

EUVD-2026-1211

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service...