418351 matches found
EUVD-2026-37462
Contributor PHP Object Injection in Avada = 3.15.3 versions...
EUVD-2026-37682
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...
EUVD-2026-37552
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...
EUVD-2026-37681
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...
EUVD-2026-37561
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
EUVD-2026-37560
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...
EUVD-2026-37570
In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37565
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37586
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
EUVD-2026-37568
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37564
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37575
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37569
A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...
EUVD-2026-37680
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...
EUVD-2026-37585
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...
EUVD-2026-37525
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-37526
Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-37527
Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-37524
Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-37522
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
EUVD-2025-210209
Unauthenticated Local File Inclusion in Mission = 1.22 versions...
EUVD-2025-210237
Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...
EUVD-2026-37554
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210176
Unauthenticated Local File Inclusion in Gita = 1.11 versions...
EUVD-2025-210172
Unauthenticated Local File Inclusion in Top Dog = 1.0.5 versions...
EUVD-2025-210208
Unauthenticated Local File Inclusion in Abelle = 1.22 versions...
EUVD-2025-210235
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
EUVD-2025-210236
Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...
EUVD-2026-37555
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210229
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
EUVD-2025-210234
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
EUVD-2025-210233
Unauthenticated Local File Inclusion in Snowy = 1.13 versions...
EUVD-2025-210182
Unauthenticated Local File Inclusion in ITactics = 1.0 versions...
EUVD-2025-210177
Unauthenticated Local File Inclusion in Grecko = 5.17 versions...
EUVD-2025-210180
Unauthenticated Local File Inclusion in Eros = 1.3 versions...
EUVD-2025-210174
Unauthenticated Cross Site Scripting XSS in Grand Car Rental = 3.7 versions...
EUVD-2025-210171
Unauthenticated Local File Inclusion in Putter = 1.17 versions...
EUVD-2025-210179
Unauthenticated Local File Inclusion in Choreo = 1.6 versions...
EUVD-2025-210175
Unauthenticated Local File Inclusion in Printo = 1.11 versions...
EUVD-2025-210184
Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...
EUVD-2025-210206
Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...
EUVD-2025-210183
Unauthenticated Local File Inclusion in Roneous = 2.1.5 versions...
EUVD-2025-210178
Unauthenticated Local File Inclusion in WineShop = 3.17 versions...
EUVD-2025-210204
Unauthenticated Local File Inclusion in Wanium = 1.9.8 versions...
EUVD-2025-210232
Unauthenticated Local File Inclusion in Quirky = 1.23 versions...
EUVD-2025-210181
Unauthenticated Local File Inclusion in Spike = 1.2 versions...
EUVD-2025-210173
Unauthenticated Local File Inclusion in Medeus = 1.14 versions...
EUVD-2025-210231
Unauthenticated Local File Inclusion in Gat = 1.16 versions...
EUVD-2025-210227
Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...
EUVD-2025-210194
Unauthenticated Local File Inclusion in Nexio = 1.10.0 versions...