EUVD-2026-1768
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...
EUVD-2026-1776
The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...
EUVD-2026-1577
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data. This issue affects NextGEN Download Gallery: from n/a through = 1.6.2...
EUVD-2026-1280
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...
EUVD-2026-1019
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
EUVD-2026-0967
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049...
EUVD-2026-0888
In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags. When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...
EUVD-2026-0057
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0111
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0309
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0316
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0338
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0424
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0522
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0574
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-205305
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
EUVD-2025-205315
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...
EUVD-2025-205135
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task". In the function rxe_create_qp, rxe_qp_from_init is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req. If an error...
EUVD-2025-203964
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user’s Safari history...
ECHO-6CC4-CC58-D5C2
Bulletin has no description...