202 matches found
EUVD-2026-4249
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
EUVD-2026-3850
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cocco: from n/a through <= 1.5.1...
EUVD-2026-3915
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Directory: from n/a through <= 1.3.4...
EUVD-2026-3327
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...
EUVD-2026-3336
A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input...
EUVD-2026-2501
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU. The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...
EUVD-2026-2628
EUVD-2026-2628...
EUVD-2026-2249
In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr(). There exists a kernel oops caused by a BUG_ON nhead INT_MAX i.e. int skb_headroom(skb) + len_delta skb_headroom(skb) is meant to ensure that delta = headroom - skb_headroom(skb) is...
MINI-PX78-QJPX-4X5M
Bulletin has no description...
EUVD-2026-2381
Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can...
EUVD-2026-2274
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in removefile.php. The parameter file can cause any file to be deleted...
CGA-8H2R-M9J3-FWCQ
Bulletin has no description...
CGA-QCRV-G9RG-9346
Bulletin has no description...
CGA-23HH-MGPW-H5HP
Bulletin has no description...
EUVD-2026-1768
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...
EUVD-2026-1776
The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBC_FLEXTIMELINE_NAV AJAX action. This is due to the nonce verification being conditionally disabled by default booking_is_nonce_at_front_end option is 'Off' ...
EUVD-2026-1577
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data. This issue affects NextGEN Download Gallery: from n/a through <= 1.6.2...
EUVD-2026-1280
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...
EUVD-2026-1019
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
EUVD-2026-0967
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049...