417623 matches found
EUVD-2025-210353
Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...
EUVD-2025-210356
Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...
EUVD-2026-39772
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...
EUVD-2026-39660
HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...
EUVD-2025-210351
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
EUVD-2026-39781
Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...
EUVD-2025-210352
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
EUVD-2025-210360
Contributor Cross Site Scripting XSS in Image Carousel = 1.0.0.41 versions...
EUVD-2026-39650
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
EUVD-2026-39656
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
EUVD-2026-39661
The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...
EUVD-2026-39653
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...
EUVD-2026-39654
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
EUVD-2026-39657
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
EUVD-2025-210350
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...
EUVD-2025-210349
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...
EUVD-2026-39652
Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...
EUVD-2026-39651
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...
EUVD-2026-39788
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...
EUVD-2026-39787
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...
EUVD-2026-39786
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...
EUVD-2026-39785
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
EUVD-2026-39671
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
EUVD-2026-39670
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
EUVD-2026-39669
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
EUVD-2026-39668
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...
EUVD-2026-39667
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
EUVD-2026-39665
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
EUVD-2026-39666
Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...
EUVD-2026-39664
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
EUVD-2026-39662
Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...
EUVD-2026-39663
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
EUVD-2026-39771
Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...
EUVD-2026-39769
Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...
EUVD-2026-39770
Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...
EUVD-2026-39768
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
EUVD-2026-39767
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
EUVD-2026-39766
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
EUVD-2026-39765
Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...
EUVD-2026-39763
Contributor Broken Access Control in Nelio Content = 4.3.4 versions...
EUVD-2026-39764
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
EUVD-2026-39762
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
EUVD-2026-39761
Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...
EUVD-2026-39760
newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...
EUVD-2026-39758
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
EUVD-2026-39759
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
EUVD-2026-39757
Contributor SQL Injection in Gallery = 4.7.8 versions...
EUVD-2026-39755
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
EUVD-2026-39756
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
EUVD-2026-39754
Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...