207 matches found
EUVD-2026-4124
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution...
EUVD-2026-3231
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
EUVD-2026-3249
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
EUVD-2026-2876
In cpmfwtpmsghandler of cpm/google/lib/tracepoint/cpmfwtpipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-2939
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
EUVD-2026-2977
Delta Electronics DIAView has Command Injection vulnerability...
EUVD-2026-2620
EUVD-2026-2633
EUVD-2026-2112
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-2302
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency. Under high concurrency, a tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...
EUVD-2026-2217
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...
EUVD-2026-2262
phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in checkavailablity.php...
EUVD-2026-1904
A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and...
GHSA-PCWC-3FW3-8CQV
creationtimestamp | type | source
---|---|---
2026-01-10 05:03:11+00:00 | seen | Telegram/Oq5Ood4NSq2MjX-UETlnapDxCUgYA-dHZPJgTTRAs320
2026-01-24 21:25:58+00:00 | seen | https://gist.github.com/alon710/caa5cb4168284b12971dd626b93e298b
2026-01-24 21:26:07+00:00 | seen | ...
EUVD-2026-1275
The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagekey’ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...
EUVD-2026-1291
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...
EUVD-2026-0972
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
EUVD-2026-0876
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.8...
Improper Control of Interaction Frequency
Overview: django-phone-verify is a Django app to support phone number verification using a security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...
EUVD-2025-205309
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...