418425 matches found
EUVD-2026-37706
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
EUVD-2026-37705
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
EUVD-2026-37704
An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...
EUVD-2026-37703
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...
EUVD-2025-210244
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
EUVD-2026-37702
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
EUVD-2025-210243
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...
EUVD-2026-37701
A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...
EUVD-2026-37700
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
EUVD-2026-37699
Unauthenticated Local File Inclusion in Kastell = 2.0 versions...
EUVD-2026-37697
Unauthenticated PHP Object Injection in Château = 1.2.1 versions...
EUVD-2026-37698
Unauthenticated PHP Object Injection in Moderno 1.43 versions...
EUVD-2026-37696
Unauthenticated PHP Object Injection in Zoya = 1.4 versions...
EUVD-2026-37695
Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...
EUVD-2026-37694
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
EUVD-2026-37692
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
EUVD-2026-37693
Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...
EUVD-2026-37691
Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...
EUVD-2026-37690
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2026-37689
Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...
EUVD-2026-37688
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
EUVD-2026-37687
Unauthenticated PHP Object Injection in Konsept = 1.9 versions...
EUVD-2026-37686
Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...
EUVD-2026-37685
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
EUVD-2026-37684
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
EUVD-2025-210242
Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...
EUVD-2025-210241
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
EUVD-2025-210266
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
EUVD-2025-210265
Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...
EUVD-2025-210264
Unauthenticated Local File Inclusion in Skyward = 1.10 versions...
EUVD-2026-36421
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...
EUVD-2026-37515
CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. In...
EUVD-2026-37510
Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...
EUVD-2026-37508
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...
EUVD-2026-37507
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
EUVD-2026-37182
In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37192
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37203
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
EUVD-2026-37218
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...
EUVD-2026-37183
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37191
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37185
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37189
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37188
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37193
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37187
In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37181
In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37195
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37205
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...
EUVD-2026-37177
In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...