418715 matches found
EUVD-2026-36828
Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...
EUVD-2026-36827
Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...
EUVD-2026-36826
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
EUVD-2026-36824
Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...
EUVD-2026-36825
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
EUVD-2026-36823
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
EUVD-2026-36822
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
EUVD-2026-36821
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
EUVD-2026-36820
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...
EUVD-2026-36819
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
EUVD-2026-36818
Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...
EUVD-2026-36817
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
EUVD-2026-36815
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
EUVD-2026-36816
Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...
EUVD-2026-36813
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
EUVD-2026-36814
Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...
EUVD-2026-36812
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...
EUVD-2026-36810
Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...
EUVD-2026-36811
Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...
EUVD-2026-36809
Subscriber Cross Site Scripting XSS in ProfilePress = 4.16.13 versions...
EUVD-2026-36807
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
EUVD-2026-36808
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...
EUVD-2026-36806
Subscriber Sensitive Data Exposure in WPPizza = 3.19.9 versions...
EUVD-2026-35549
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability...
EUVD-2026-37002
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...
EUVD-2026-32919
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS...
EUVD-2026-32915
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes...
EUVD-2026-32917
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed...
EUVD-2026-32918
PyJWT: Algorithm allow-list bypass when decoding with PyJWK / PyJWKClient keys...
EUVD-2026-36999
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...
EUVD-2026-36795
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...
EUVD-2026-32916
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values DoS...
EUVD-2026-36524
form-data: CRLF injection in form-data via unescaped multipart field names and filenames...
EUVD-2026-36742
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...
EUVD-2026-36265
tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...
EUVD-2026-36741
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...
EUVD-2026-36740
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...
EUVD-2026-36739
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...
EUVD-2026-36738
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...
EUVD-2026-36737
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
EUVD-2026-36736
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...
EUVD-2026-36735
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
EUVD-2026-36734
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...
EUVD-2026-36733
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
EUVD-2026-36731
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...
EUVD-2025-210140
Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...
EUVD-2025-210139
Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...
EUVD-2026-36730
Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...
EUVD-2026-36727
Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...
EUVD-2026-36732
Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...