413631 matches found
EUVD-2026-32185
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
EUVD-2026-32186
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...
EUVD-2026-32187
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
EUVD-2026-32190
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
EUVD-2026-32184
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
EUVD-2026-32177
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...
EUVD-2026-32178
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
EUVD-2026-32179
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through = 1.13.19...
EUVD-2026-32180
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...
EUVD-2026-32181
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...
EUVD-2026-32175
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
EUVD-2026-32174
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
EUVD-2026-32176
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...
EUVD-2025-209964
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...
EUVD-2026-32173
The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
EUVD-2026-32172
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
EUVD-2026-32171
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
EUVD-2026-32170
In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...
EUVD-2026-32169
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...
EUVD-2026-32168
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
EUVD-2026-32167
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
EUVD-2026-32166
In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...
EUVD-2026-32165
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
EUVD-2026-32164
In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey listnextentry never returns NULL -- when the current element is the last entry it wraps to the list head via containerof. The subsequent NULL check is therefore dead code...
EUVD-2026-32163
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
EUVD-2026-32162
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...
EUVD-2026-32155
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...
EUVD-2026-32154
Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...
EUVD-2026-32153
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information...
EUVD-2025-209963
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation...
EUVD-2025-209962
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation...
EUVD-2025-209961
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...
EUVD-2025-209960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...
EUVD-2025-209959
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...
EUVD-2025-209958
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing...
EUVD-2025-209957
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...
EUVD-2025-209956
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager DSM before 7.2.2-72806-5 and 7.3.1-86003-1 7.2.1-69057 is not affected allows remote attackers to bypass authentication with prior knowledge of the distinguished name DN...
EUVD-2025-209955
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...
EUVD-2025-209954
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
EUVD-2025-209953
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct...
EUVD-2024-55598
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
EUVD-2024-55597
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
EUVD-2024-55596
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
EUVD-2024-55595
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
EUVD-2024-55594
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
EUVD-2024-55593
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...
EUVD-2024-55592
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...
EUVD-2023-60578
Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...
EUVD-2026-32152
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
EUVD-2026-32151
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...