EUVD-2026-31928

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure...

EUVD-2026-31927

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

EUVD-2026-31926

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

EUVD-2026-31925

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service...

EUVD-2026-31924

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of...

EUVD-2026-31923

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

EUVD-2026-31922

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service...

EUVD-2026-31921

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

EUVD-2026-31920

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, da...

EUVD-2026-31919

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution...

EUVD-2026-31918

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

EUVD-2026-31917

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

EUVD-2026-31916

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

EUVD-2026-31915

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2026-31914

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

EUVD-2026-31912

Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have...

EUVD-2026-31911

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2026-31910

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

EUVD-2026-31909

A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...

EUVD-2026-31907

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

EUVD-2026-31906

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

EUVD-2026-31905

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

EUVD-2026-31904

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

EUVD-2026-31903

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

EUVD-2026-31896

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modfastcgi module...

EUVD-2026-31895

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

EUVD-2026-31894

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

EUVD-2026-31892

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

EUVD-2026-31891

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

EUVD-2026-31890

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

EUVD-2026-31889

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

EUVD-2026-31888

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

EUVD-2026-31887

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

EUVD-2026-31886

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...

EUVD-2026-31885

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

EUVD-2026-31884

Lack of input filtering leads to an XSS vector in the HTML filter code...

EUVD-2026-31883

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

EUVD-2026-31882

Lack of output escaping leads to a XSS vector in the multilingual associations component...

EUVD-2026-31881

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...

EUVD-2026-31880

An improper access check allows privilege escalation through the comusers batch task...

EUVD-2026-31879

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

EUVD-2026-31878

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

EUVD-2026-31877

An improper access check allows unauthorized access to comconfig webservice endpoints...

EUVD-2026-31876

Lack of output escaping leads to a XSS vector in the feed modules...

EUVD-2026-31875

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

EUVD-2026-31874

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

EUVD-2026-31873

An improper access check allows privilege escalation through the comusers batch task...

EUVD-2026-31872

Lack of output escaping leads to a XSS vector in the content history component...