11966 matches found
EUVD-2026-2363
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...
EUVD-2026-2370
Not used...
EUVD-2026-2369
Not used...
EUVD-2026-2371
Not used...
EUVD-2026-2372
Not used...
EUVD-2026-2349
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
EUVD-2026-2375
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...
EUVD-2026-2376
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
EUVD-2026-2387
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP Java Network Launch Protocol file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...
EUVD-2026-2389
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability...
EUVD-2026-2385
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
EUVD-2026-2400
EUVD-2026-2400...
EUVD-2026-2274
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in removefile.php. The parameter file can cause any file to be deleted...
EUVD-2026-2269
Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2026-2333
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
EUVD-2026-2348
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
EUVD-2026-2083
Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2026-1940
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
EUVD-2026-1941
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
EUVD-2026-1944
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...