418162 matches found
EUVD-2026-37485
Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...
EUVD-2026-37604
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
EUVD-2026-37606
Unauthenticated Cross Site Scripting XSS in Kapee 1.7.1 versions...
EUVD-2026-37673
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
EUVD-2026-37675
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
EUVD-2026-37588
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
EUVD-2026-37478
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
EUVD-2026-37590
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
EUVD-2026-37474
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
EUVD-2026-37502
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...
EUVD-2026-37481
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
EUVD-2026-37589
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
EUVD-2026-37480
Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...
EUVD-2026-37672
Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...
EUVD-2026-37674
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
EUVD-2026-37676
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
EUVD-2026-37473
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
EUVD-2026-37475
Unauthenticated Local File Inclusion in Getaway 1.8 versions...
EUVD-2026-37587
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
EUVD-2026-37484
Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...
EUVD-2026-37477
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
EUVD-2026-37479
Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...
EUVD-2026-37483
Unauthenticated PHP Object Injection in Valiance = 1.2 versions...
EUVD-2026-37476
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
EUVD-2026-37591
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
EUVD-2026-37592
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
EUVD-2026-37482
Unauthenticated PHP Object Injection in Playroom = 1.4.1 versions...
EUVD-2026-37677
Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...
EUVD-2026-37579
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
EUVD-2026-37503
Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...
EUVD-2026-37468
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
EUVD-2026-37578
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...
EUVD-2026-37576
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...
EUVD-2026-37574
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37467
Unauthenticated Local File Inclusion in Softlab Core 1.2.11 versions...
EUVD-2026-37506
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
EUVD-2026-37668
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
EUVD-2026-37472
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
EUVD-2026-37464
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
EUVD-2026-37566
In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...
EUVD-2026-37670
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
EUVD-2026-37572
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37577
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...
EUVD-2026-37573
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37669
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
EUVD-2026-37666
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
EUVD-2026-37465
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
EUVD-2026-37471
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
EUVD-2026-37469
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
EUVD-2026-37583
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...