212 matches found
EUVD-2026-2577
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-2456
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...
EUVD-2026-2177
Out-of-bounds read in Capability Access Management Service camsvc allows an unauthorized attacker to disclose information locally...
EUVD-2026-2198
Concurrent execution using shared resource with improper synchronization 'race condition' in Graphics Kernel allows an authorized attacker to elevate privileges locally...
EUVD-2026-2344
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...
EUVD-2026-1752
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the leadform shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-1742
The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pullquote' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-1509
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...
Malicious Package
Overview spark-ar-dynamic-mocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2026-1092
Not used...
EUVD-2026-1075
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...
EUVD-2026-1080
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dirpath' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers,...
EUVD-2026-1054
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673...
EUVD-2026-1055
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683...
EUVD-2026-0089
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0179
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0250
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0228
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0335
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0425
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...