417501 matches found
EUVD-2026-41367
PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
EUVD-2026-41366
luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...
EUVD-2026-41325
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components...
EUVD-2026-41324
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...
EUVD-2026-41323
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16...
EUVD-2026-41322
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
EUVD-2026-41321
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
EUVD-2026-41320
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
EUVD-2026-41319
Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...
EUVD-2026-41318
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
EUVD-2026-41317
Author Cross Site Scripting XSS in Simple URLs = 151 versions...
EUVD-2026-41315
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
EUVD-2026-41316
Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...
EUVD-2026-41314
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
EUVD-2026-41313
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
EUVD-2026-41312
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
EUVD-2026-41311
Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...
EUVD-2026-41310
Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...
EUVD-2026-41309
Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...
EUVD-2026-41308
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
EUVD-2026-41307
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
EUVD-2026-41306
Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...
EUVD-2026-41305
Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...
EUVD-2026-41304
Contributor Local File Inclusion in Shopify = 1.0.0 versions...
EUVD-2026-41302
Subscriber Broken Access Control in Booked = 3.0.0 versions...
EUVD-2026-41303
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
EUVD-2026-41301
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
EUVD-2026-41300
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
EUVD-2026-41299
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
EUVD-2026-41298
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
EUVD-2026-41297
Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...
EUVD-2026-41296
Contributor SQL Injection in Custom Field Template = 2.7.8 versions...
EUVD-2026-41295
Unauthenticated Cross Site Scripting XSS in WowAddons = 1.6.14 versions...
EUVD-2026-41294
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
EUVD-2026-41293
Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...
EUVD-2026-41292
Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...
EUVD-2026-41291
Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...
EUVD-2026-41290
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
EUVD-2026-41289
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
EUVD-2026-41288
Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...
EUVD-2026-41287
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...
EUVD-2026-41286
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
EUVD-2026-41285
Unauthenticated Cross Site Scripting XSS in Timetics = 1.0.58 versions...
EUVD-2026-41284
Unauthenticated Cross Site Scripting XSS in Optimole = 4.2.7 versions...
EUVD-2026-41283
Unauthenticated Cross Site Scripting XSS in wpDataTables = 6.5.1.1 versions...
EUVD-2026-41282
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...
EUVD-2026-41281
Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...
EUVD-2026-41280
Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...
EUVD-2026-41279
Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...
EUVD-2026-41278
Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...