417735 matches found
EUVD-2026-39386
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
EUVD-2026-39384
Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...
EUVD-2026-39385
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
EUVD-2026-39383
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
EUVD-2026-39382
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
EUVD-2026-39381
Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...
EUVD-2026-39380
Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...
EUVD-2026-39379
Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...
EUVD-2026-39378
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
EUVD-2026-39377
Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...
EUVD-2026-39376
Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...
EUVD-2026-39375
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
EUVD-2026-39374
Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...
EUVD-2026-39373
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
EUVD-2026-39372
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
EUVD-2026-39371
Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...
EUVD-2026-39370
Unauthenticated SQL Injection in MDTF = 1.3.7 versions...
EUVD-2026-39369
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
EUVD-2026-39368
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
EUVD-2026-39367
Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...
EUVD-2026-39366
Unauthenticated Broken Access Control in Motors = 1.4.109 versions...
EUVD-2026-39365
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
EUVD-2026-39363
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...
EUVD-2026-39364
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
EUVD-2026-39362
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
EUVD-2026-39360
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
EUVD-2026-39359
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...
EUVD-2026-39358
Incomplete validation of the SOA record present in a catalog zone might lead to a crash...
EUVD-2026-39357
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...
EUVD-2026-39356
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
EUVD-2026-39352
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
EUVD-2026-39351
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...
EUVD-2026-39350
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...
EUVD-2026-39349
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...
EUVD-2026-39348
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
EUVD-2026-39347
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
EUVD-2026-39346
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
EUVD-2026-39345
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
EUVD-2026-39331
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
EUVD-2026-39337
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...
EUVD-2026-39338
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...
EUVD-2026-39340
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs Why & How dpsdpmessagedebugfswrite dereferences connector-base.state-crtc without checking for NULL. A connector can be connected but not bound to any CRTC e.g...
EUVD-2026-39343
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...
EUVD-2026-39336
In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access ethhdrskb after either assuming that the skb is associated with an...
EUVD-2026-39339
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftfib: fix stale stack leak via the OIFNAME register For NFTFIBRESULTOIFNAME the destination register is declared with len = IFNAMSIZ four 32-bit registers, but on the lookup-fail, RTNLOCAL and oif-mismatch paths...
EUVD-2026-39342
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rxidlist read to buffer size Why & How During HDCP 2.x repeater authentication over HDMI, the driver reads the sink's RxStatus register and extracts a 10-bit message size field max value 1023. Th...
EUVD-2026-39341
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...
EUVD-2026-39333
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
EUVD-2026-39332
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...