EUVD-2026-5666

Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

EUVD-2026-4563

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

EUVD-2026-4327

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through = 2.1.0...

EUVD-2026-4079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through = 1.5.5...

EUVD-2026-3832

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

EUVD-2026-3475

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

EUVD-2026-3173

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workreport.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

EUVD-2026-2940

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

EUVD-2026-2961

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image...

EUVD-2026-2997

EUVD-2026-2997...

EUVD-2026-3045

EUVD-2026-3045...

EUVD-2026-2616

EUVD-2026-2616...

EUVD-2026-2651

EUVD-2026-2651...

EUVD-2026-2062

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

EUVD-2026-2121

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally...

EUVD-2026-2306

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether that class was in t...

EUVD-2026-2321

In the Linux kernel, the following vulnerability has been resolved: hwmon: ibmpex fix use-after-free in high/low store The ibmpexhighlowstore function retrieves driver data using devgetdrvdata and uses it without validation. This creates a race condition where the sysfs callback can be invoked...

EUVD-2026-2376

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

EUVD-2026-1764

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

EUVD-2026-1444

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through 1.7...