418857 matches found
EUVD-2025-210144
A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210153
A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210155
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
EUVD-2025-210154
A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...
EUVD-2025-210149
A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2025-210145
A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
EUVD-2026-37007
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
EUVD-2026-36076
aws-cdk-lib: OS Command Injection in NodejsFunction Bundling...
EUVD-2026-36471
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature...
EUVD-2026-36468
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...
EUVD-2026-36467
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...
EUVD-2026-36465
Netty: Wrapping plain trust manager silently disables hostname verification...
EUVD-2026-36462
Netty: QUIC stateless reset token material exposed through header-visible connection IDs...
EUVD-2026-36459
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...
EUVD-2026-37004
Unauthenticated Path Traversal in FastDup = 2.7.2 versions...
EUVD-2026-36905
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
EUVD-2026-37003
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
EUVD-2026-36904
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
EUVD-2026-36902
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...
EUVD-2026-36903
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36901
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
EUVD-2026-36899
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
EUVD-2026-36900
Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...
EUVD-2026-36898
Unauthenticated PHP Object Injection in OttoKit = 1.1.27 versions...
EUVD-2026-36896
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
EUVD-2026-36897
Customer Privilege Escalation in Dokan = 5.0.2 versions...
EUVD-2026-36895
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
EUVD-2026-36894
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
EUVD-2026-36893
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
EUVD-2026-36892
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
EUVD-2026-36891
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
EUVD-2026-36890
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
EUVD-2026-36888
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
EUVD-2026-36889
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
EUVD-2026-36887
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
EUVD-2026-36886
Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...
EUVD-2026-36885
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
EUVD-2026-36884
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
EUVD-2026-36882
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
EUVD-2026-36883
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
EUVD-2026-36881
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
EUVD-2026-36880
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
EUVD-2026-36879
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
EUVD-2026-36878
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
EUVD-2026-36876
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
EUVD-2026-36877
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
EUVD-2026-36875
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...
EUVD-2026-36873
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
EUVD-2026-36874
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...
EUVD-2026-36872
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...