EUVD-2026-1719

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system...

EUVD-2026-1724

An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly...

EUVD-2026-1712

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP...

EUVD-2026-1445

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

EUVD-2026-1449

A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...

EUVD-2026-1485

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...

EUVD-2026-1490

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

EUVD-2026-1495

Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2...

EUVD-2026-1492

Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8...

EUVD-2026-1481

Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8...

EUVD-2026-1494

Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04...

EUVD-2026-1482

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23...

EUVD-2026-1512

This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...

EUVD-2026-1515

This vulnerability allows a Backup Administrator to perform remote code execution RCE as the postgres user by sending a malicious password parameter...

EUVD-2026-1487

Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3...

EUVD-2026-1568

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...

EUVD-2026-1581

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

EUVD-2026-1572

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

EUVD-2026-1500

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through = 1.5...

EUVD-2026-1519

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...