EUVD-2025-204356

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...

EUVD-2025-204375

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

EUVD-2025-204374

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...

EUVD-2025-204389

Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

EUVD-2025-204282

Integer overflow vulnerability in the yuv2ya16Xctemplate function in libswscale/output.c in FFmpeg 8.0...

EUVD-2025-204268

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

EUVD-2025-204274

Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7...

EUVD-2025-204281

There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This...

EUVD-2025-204288

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

EUVD-2025-204278

Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view...

EUVD-2025-203977

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

EUVD-2025-203978

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data...

EUVD-2025-203909

A Cross-site scripting XSS vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

EUVD-2025-203847

Voluntarily withdrawn...

EUVD-2025-203972

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...

EUVD-2025-203826

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

EUVD-2025-203823

ABP Account Module has an Open Redirect through Improper validation in its register function...

EUVD-2025-203625

The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...

EUVD-2025-203624

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...

EUVD-2025-203412

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded fil...