418610 matches found
EUVD-2025-210243
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...
EUVD-2026-37701
A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...
EUVD-2026-37700
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
EUVD-2026-37699
Unauthenticated Local File Inclusion in Kastell = 2.0 versions...
EUVD-2026-37697
Unauthenticated PHP Object Injection in Château = 1.2.1 versions...
EUVD-2026-37698
Unauthenticated PHP Object Injection in Moderno 1.43 versions...
EUVD-2026-37696
Unauthenticated PHP Object Injection in Zoya = 1.4 versions...
EUVD-2026-37695
Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...
EUVD-2026-37694
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
EUVD-2026-37692
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
EUVD-2026-37693
Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...
EUVD-2026-37691
Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...
EUVD-2026-37690
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2026-37689
Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...
EUVD-2026-37688
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
EUVD-2026-37687
Unauthenticated PHP Object Injection in Konsept = 1.9 versions...
EUVD-2026-37686
Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...
EUVD-2026-37685
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
EUVD-2026-37684
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
EUVD-2025-210242
Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...
EUVD-2025-210241
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
EUVD-2025-210266
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
EUVD-2025-210265
Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...
EUVD-2025-210264
Unauthenticated Local File Inclusion in Skyward = 1.10 versions...
EUVD-2026-36421
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...
EUVD-2026-37515
CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. In...
EUVD-2026-37510
Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...
EUVD-2026-37508
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...
EUVD-2026-37507
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
EUVD-2026-37182
In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37192
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37203
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
EUVD-2026-37183
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37191
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37185
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37189
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37188
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37193
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37187
In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37181
In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37195
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37205
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...
EUVD-2026-37177
In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37186
In OSMMapPMRGeneric of pmros.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-37197
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
EUVD-2026-37179
In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37200
Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...
EUVD-2026-37180
In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37206
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...
EUVD-2026-37201
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...