2557 matches found
EUVD-2026-3910
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...
EUVD-2026-3941
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through = 1.3.3...
EUVD-2026-4032
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through = 10.30.3...
EUVD-2026-4065
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through = 1.0.5...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
CVE-2026-21922
creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
CVE-2023-4091
creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
CVE-2026-21950
creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
EUVD-2026-3693
Not used...
EUVD-2026-3384
A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
EUVD-2026-3462
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
EUVD-2026-3470
Not used...
EUVD-2026-3491
EUVD-2026-3491...
EUVD-2026-3495
EUVD-2026-3495...
WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability
WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...
Exploit for Path Traversal in Openbsd Openssh
Bastion AI-Powered Penetration Testing Platform for macOS...
EUVD-2026-3189
A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsprelydumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide...
EUVD-2026-2948
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...
EUVD-2026-2947
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...
EUVD-2026-3016
EUVD-2026-3016...