417709 matches found
EUVD-2026-39353
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
EUVD-2026-39407
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
EUVD-2026-39406
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
EUVD-2026-39405
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
EUVD-2026-39404
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
EUVD-2026-39403
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
EUVD-2026-39402
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...
EUVD-2026-39401
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...
EUVD-2026-39400
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
EUVD-2026-39399
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
EUVD-2026-39398
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
EUVD-2026-39397
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
EUVD-2026-39396
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
EUVD-2026-39395
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
EUVD-2026-39394
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...
EUVD-2026-39393
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...
EUVD-2026-39392
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
EUVD-2026-39391
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
EUVD-2026-39390
Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
EUVD-2026-39389
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...
EUVD-2026-39388
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
EUVD-2026-39387
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
EUVD-2026-39386
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
EUVD-2026-39384
Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...
EUVD-2026-39385
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
EUVD-2026-39383
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
EUVD-2026-39381
Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...
EUVD-2026-39382
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
EUVD-2026-39380
Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...
EUVD-2026-39379
Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...
EUVD-2026-39378
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
EUVD-2026-39377
Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...
EUVD-2026-39376
Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...
EUVD-2026-39375
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
EUVD-2026-39374
Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...
EUVD-2026-39373
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
EUVD-2026-39372
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
EUVD-2026-39371
Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...
EUVD-2026-39370
Unauthenticated SQL Injection in MDTF = 1.3.7 versions...
EUVD-2026-39369
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
EUVD-2026-39368
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
EUVD-2026-39367
Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...
EUVD-2026-39366
Unauthenticated Broken Access Control in Motors = 1.4.109 versions...
EUVD-2026-39365
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
EUVD-2026-39363
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...
EUVD-2026-39364
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
EUVD-2026-39362
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
EUVD-2026-39360
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
EUVD-2026-39359
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...