EUVD-2026-1458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through = 2.2.8...

EUVD-2026-1586

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

EUVD-2026-1585

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. Remote exploitation of the attack is possible. The exploi...

EUVD-2026-1442

Cross-Site Request Forgery CSRF is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing...

EUVD-2026-1434

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

EUVD-2026-1431

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/reviewaction.php via the proId parameter...

EUVD-2026-1488

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

EUVD-2026-1432

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

EUVD-2026-1436

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service DoS condition. The vulnerability exists in the getpassword.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service...

EUVD-2026-1429

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to...

EUVD-2026-1170

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

EUVD-2026-1167

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

EUVD-2026-1175

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

EUVD-2026-1176

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

EUVD-2026-1196

The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker...

EUVD-2026-1206

Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K...

EUVD-2026-1194

An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured unencrypted MQTT communications protocol, write on the server topics of the board that controls the MQTT communications...

EUVD-2026-1197

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

EUVD-2026-1198

An attacker with a network connection could detect credentials in clear text...

EUVD-2026-1207

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...