EUVD-2025-204389

Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

EUVD-2025-204381

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

EUVD-2025-204390

Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7...

EUVD-2025-204388

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19...

EUVD-2025-204291

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS 144.0...

EUVD-2025-204275

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

EUVD-2025-204270

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

EUVD-2025-204276

There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

EUVD-2025-204283

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

EUVD-2025-204288

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

EUVD-2025-204290

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

EUVD-2025-204287

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 146.0.1...

EUVD-2025-204292

Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox 146.0.1...

EUVD-2025-204289

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7...

EUVD-2025-204278

Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view...

EUVD-2025-203961

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks...

EUVD-2025-203962

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens...

EUVD-2025-203968

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash...

EUVD-2025-203960

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data...

EUVD-2025-203975

A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication...