418230 matches found
EUVD-2026-37574
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37467
Unauthenticated Local File Inclusion in Softlab Core 1.2.11 versions...
EUVD-2026-37506
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
EUVD-2026-37668
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
EUVD-2026-37472
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
EUVD-2026-37464
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
EUVD-2026-37566
In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...
EUVD-2026-37670
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
EUVD-2026-37572
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37577
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...
EUVD-2026-37573
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37666
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
EUVD-2026-37503
Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...
EUVD-2026-37465
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
EUVD-2026-37471
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
EUVD-2026-37469
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
EUVD-2026-37583
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
EUVD-2026-37580
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
EUVD-2026-37466
Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...
EUVD-2026-37470
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
EUVD-2026-37671
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...
EUVD-2026-37463
Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
EUVD-2026-37669
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
EUVD-2026-37652
Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...
EUVD-2026-37661
Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...
EUVD-2026-37662
Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...
EUVD-2026-37654
Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...
EUVD-2026-37653
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
EUVD-2026-37650
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
EUVD-2026-37519
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-37645
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
EUVD-2026-37518
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-37648
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
EUVD-2026-37660
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
EUVD-2026-37656
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
EUVD-2026-37659
Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...
EUVD-2026-37551
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-37651
Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...
EUVD-2026-37655
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
EUVD-2026-37517
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-37649
Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...
EUVD-2026-37664
Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...
EUVD-2026-37658
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
EUVD-2026-37657
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
EUVD-2026-37665
Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...
EUVD-2026-37663
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
EUVD-2026-37528
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-37540
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
EUVD-2026-37544
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...