EUVD-2026-4151
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data...
EUVD-2026-4165
Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...
CVE-2026-21966
Consolidated details for CVE-2026-21966 show an easily exploitable vulnerability in Oracle Hospitality OPERA 5 Property Services (component: Opera) affecting versions 5.6.19.23–5.6.27.4. The issue allows an unauthenticated attacker with network access via HTTP to compromise the service, with huma...
CVE-2026-21956
EUVD-2026-3415
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...
EUVD-2026-3192
EUVD-2026-3020
EUVD-2026-2837
Not used...
EUVD-2026-2509
In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback The freeze_all_ptr check in filesystems_freeze_callback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...
EUVD-2026-2556
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
EUVD-2026-2578
EUVD-2026-2577
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-2456
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...
EUVD-2026-2177
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally...
EUVD-2026-2344
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...
EUVD-2026-1752
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the leadform shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
Malicious Package
Overview: spark-ar-dynamic-mocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2026-1092
Not used...
EUVD-2026-1075
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permission_callback only validating wp_rest nonce without checking user...
EUVD-2026-1080
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dirpath' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers,...