418611 matches found
EUVD-2025-210150
A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210145
A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210152
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210144
A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210148
A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210147
A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210149
A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210154
A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...
EUVD-2025-210151
A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2026-37007
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
EUVD-2026-36076
aws-cdk-lib: OS Command Injection in NodejsFunction Bundling...
EUVD-2026-36471
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature...
EUVD-2026-36468
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...
EUVD-2026-36467
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...
EUVD-2026-36465
Netty: Wrapping plain trust manager silently disables hostname verification...
EUVD-2026-36462
Netty: QUIC stateless reset token material exposed through header-visible connection IDs...
EUVD-2026-36459
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...
EUVD-2026-37004
Unauthenticated Path Traversal in FastDup = 2.7.2 versions...
EUVD-2026-36905
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
EUVD-2026-37003
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
EUVD-2026-36904
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
EUVD-2026-36903
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36902
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...
EUVD-2026-36901
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
EUVD-2026-36900
Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...
EUVD-2026-36899
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
EUVD-2026-36898
Unauthenticated PHP Object Injection in OttoKit = 1.1.27 versions...
EUVD-2026-36896
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
EUVD-2026-36897
Customer Privilege Escalation in Dokan = 5.0.2 versions...
EUVD-2026-36895
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
EUVD-2026-36894
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
EUVD-2026-36893
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
EUVD-2026-36892
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
EUVD-2026-36891
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
EUVD-2026-36890
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
EUVD-2026-36889
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
EUVD-2026-36888
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
EUVD-2026-36887
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
EUVD-2026-36885
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
EUVD-2026-36886
Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...
EUVD-2026-36884
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
EUVD-2026-36882
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
EUVD-2026-36883
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
EUVD-2026-36881
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
EUVD-2026-36880
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
EUVD-2026-36879
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
EUVD-2026-36878
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
EUVD-2026-36877
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
EUVD-2026-36876
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
EUVD-2026-36875
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...