55 matches found
EUVD-2026-4025
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through = 2.9.63...
EUVD-2026-4163
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
EUVD-2026-3405
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...
EUVD-2026-2811
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting XSS attacks, leading to the extraction of sensitive data...
EUVD-2026-1954
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier...
EUVD-2026-1900
A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. T...
EUVD-2026-1428
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
EUVD-2026-1816
EUVD-2026-1816...
EUVD-2026-1257
EUVD-2026-1257...
EUVD-2026-1286
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0...
EUVD-2026-0206
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0329
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0526
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-204718
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn For PREEMPTRT=y kernels, the deferredirqworkfn is executed in the per-cpu irqwork/ task context and not disable-irq, if the rq returned by containerof is current CPU's rq,...
EUVD-2025-204378
A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...
EUVD-2025-201345
Not used...
EUVD-2025-198196
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...
EUVD-2025-197672
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2025-179762
Malicious code in char-bundle-route-refactor-async npm...
EUVD-2025-178695
Malicious code in global-schema-unuk-gemini npm...