418610 matches found
EUVD-2026-36955
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
EUVD-2026-36943
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
EUVD-2026-36953
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
EUVD-2026-36952
Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...
EUVD-2026-36949
Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...
EUVD-2025-210161
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
EUVD-2026-36923
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...
EUVD-2026-36909
Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...
EUVD-2026-36918
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
EUVD-2026-36917
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
EUVD-2025-210162
Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...
EUVD-2026-36910
Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...
EUVD-2026-36912
Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...
EUVD-2025-210160
Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...
EUVD-2026-36911
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
EUVD-2025-210163
Subscriber Broken Access Control in Bookify = 1.1.1 versions...
EUVD-2026-36916
Editor Privilege Escalation in AI Engine = 3.4.9 versions...
EUVD-2026-36924
Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...
EUVD-2026-36921
Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...
EUVD-2026-36913
Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...
EUVD-2026-36920
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
EUVD-2026-36919
Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...
EUVD-2026-36915
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...
EUVD-2026-36925
Unauthenticated Cross Site Scripting XSS in CformsII = 15.1.3 versions...
EUVD-2025-210159
Subscriber Broken Access Control in bunny.net = 2.3.6 versions...
EUVD-2026-36922
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
EUVD-2026-36914
Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...
EUVD-2026-36926
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
EUVD-2025-210158
Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...
EUVD-2026-36803
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
EUVD-2026-36804
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
EUVD-2026-36790
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...
EUVD-2026-36788
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
EUVD-2025-210157
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...
EUVD-2026-36789
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
EUVD-2026-36800
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...
EUVD-2026-36805
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...
EUVD-2026-36802
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...
EUVD-2026-36801
A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...
EUVD-2026-36799
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
EUVD-2026-36798
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
EUVD-2026-36781
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...
EUVD-2026-36778
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...
EUVD-2026-36780
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...
EUVD-2026-36785
A Server-Side Request Forgery SSRF in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...
EUVD-2026-36786
An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
EUVD-2026-36782
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
EUVD-2026-36777
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...
EUVD-2026-36783
Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...