418342 matches found
EUVD-2025-210207
Unauthenticated Local File Inclusion in Kelly Young = 1.1.0 versions...
EUVD-2025-210189
Unauthenticated Local File Inclusion in Modernee = 1.6.0 versions...
EUVD-2025-210195
Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...
EUVD-2025-210190
Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...
EUVD-2025-210205
Subscriber Broken Access Control in Genemy = 1.6.6 versions...
EUVD-2025-210230
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
EUVD-2025-210225
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
EUVD-2025-210228
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
EUVD-2025-210191
Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...
EUVD-2025-210199
Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...
EUVD-2025-210201
Unauthenticated Local File Inclusion in Especio = 1.0 versions...
EUVD-2025-210196
Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...
EUVD-2025-210226
Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...
EUVD-2025-210231
Unauthenticated Local File Inclusion in Gat = 1.16 versions...
EUVD-2025-210227
Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...
EUVD-2024-55627
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
EUVD-2025-210221
Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...
EUVD-2025-210216
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210214
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2024-55635
Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...
EUVD-2025-210238
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...
EUVD-2025-210223
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
EUVD-2024-55628
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
EUVD-2025-210215
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210219
Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...
EUVD-2025-210240
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...
EUVD-2025-210222
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
EUVD-2024-55638
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...
EUVD-2025-210213
In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
EUVD-2025-210220
Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...
EUVD-2025-210217
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
EUVD-2024-55636
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...
EUVD-2025-210186
Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...
EUVD-2025-210185
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
EUVD-2024-55626
Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...
EUVD-2025-210211
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
EUVD-2025-210212
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
EUVD-2024-55637
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...
EUVD-2025-210224
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2025-210218
Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...
EUVD-2024-55633
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...
EUVD-2024-55630
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...
EUVD-2026-37288
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Integration and Interfaces. The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...
EUVD-2026-37280
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...
EUVD-2026-37291
Adobe Acrobat PDF Extension Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in tha...
EUVD-2026-37279
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials...
EUVD-2026-37283
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
EUVD-2024-55631
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...
EUVD-2026-37281
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...
EUVD-2026-37282
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...