412516 matches found

EUVD • added 1 hour ago • 4 views

EUVD-2026-37024

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

AI score: 5.3
Exploits: 0 | References: 2

EUVD • added 1 hour ago • 4 views

EUVD-2026-37023

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

AI score: 5.7
Exploits: 0 | References: 2

EUVD • added 2 hours ago • 4 views

EUVD-2026-37030

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

CVSS: 8.8 | AI score: 6
Exploits: 0 | References: 1

EUVD • added 4 hours ago • 4 views

EUVD-2026-37029

A flaw was found in GnuTLS. The gnutls_pkcs11_token_set_pin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

CVSS: 6.6 | AI score: 5.2
Exploits: 0 | References: 7

EUVD • added 4 hours ago • 4 views

EUVD-2026-37028

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor (tracker-extract-mp3) component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

CVSS: 5.6 | AI score: 5.6
Exploits: 0 | References: 2

EUVD • added 4 hours ago • 4 views

EUVD-2026-37027

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker cou...

CVSS: 5.6 | AI score: 5.5
Exploits: 0 | References: 2

EUVD • added 4 hours ago • 3 views

EUVD-2026-37026

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

CVSS: 5.6 | AI score: 5.5
Exploits: 0 | References: 2

EUVD • added 4 hours ago • 4 views

EUVD-2026-37021

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS: 7.6 | AI score: 5.3
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 4 views

EUVD-2026-37022

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS: 7.1 | AI score: 5.3
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 4 views

EUVD-2026-37020

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS: 6.9 | AI score: 5.3
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 5 views

EUVD-2026-37010

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00105
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 3 views

EUVD-2026-37009

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

AI score: 5.2
Exploits: 0 | References: 4

EUVD • added 4 hours ago • 3 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

AI score: 5.2
Exploits: 0 | References: 4

EUVD • added 4 hours ago • 4 views

EUVD-2026-37019

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS: 7.1 | AI score: 5.3
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 5 views

EUVD-2026-37018

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS: 7.1 | AI score: 5.3
Exploits: 0 | References: 5

EUVD • added 4 hours ago • 4 views

EUVD-2026-37011

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities...

CVSS: 8.5 | AI score: 5.3
Exploits: 0 | References: 2

EUVD • added 4 hours ago • 3 views

EUVD-2026-37025

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extract_performers_tags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

CVSS: 5.6 | AI score: 5.6
Exploits: 1 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-37017

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVSS: 7.8 | AI score: 5.4
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-37015

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

CVSS: 9.2 | AI score: 6.4
Exploits: 0 | References: 4

EUVD • added yesterday • 5 views

EUVD-2026-37014

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

CVSS: 8.7 | AI score: 5.4
Exploits: 0 | References: 4

EUVD • added yesterday • 4 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVSS: 7.6 | AI score: 5.3
Exploits: 0 | References: 4

EUVD • added yesterday • 4 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

CVSS: 8.7 | AI score: 5.3
Exploits: 0 | References: 4

EUVD • added yesterday • 5 views

EUVD-2026-36908

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

CVSS: 9.8 | AI score: 5.3
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-37000

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

CVSS: 8.6 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-36978

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

CVSS: 8.6 | AI score: 5.3
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36981

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

CVSS: 10 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36982

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

CVSS: 6.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36985

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...

CVSS: 7.5 | AI score: 5.1
Exploits: 2 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36986

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

CVSS: 7.7 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36989

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

CVSS: 7.1 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36991

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

CVSS: 7.1 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-36993

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

CVSS: 6.5 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36998

Subscriber Broken Access Control in Amelia = 2.2 versions...

CVSS: 6.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36988

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

CVSS: 6.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36990

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master = 11.0.0 versions...

CVSS: 7.1 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36992

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

CVSS: 7.5 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36994

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form = 1.2.46 versions...

CVSS: 7.1 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36996

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVSS: 6.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-36979

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates = 7.5.3 versions...

CVSS: 7.1 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVSS: 7.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVSS: 9.3 | AI score: 5.7
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36984

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

CVSS: 7.3 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36997

Subscriber Broken Access Control in myCred = 3.0.3 versions...

CVSS: 6.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36995

Subscriber Insecure Direct Object References (IDOR) in KiviCare = 4.2.1 versions...

CVSS: 6.3 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36987

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVSS: 7.5 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36983

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

CVSS: 7.5 | AI score: 5.1
Exploits: 0 | References: 2

EUVD • added yesterday • 4 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

CVSS: 8.5 | AI score: 5.7
Exploits: 0 | References: 2

EUVD • added yesterday • 2 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

CVSS: 9.3 | AI score: 5.7
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36959

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

CVSS: 5.4 | AI score: 5.2
Exploits: 0 | References: 2

EUVD • added yesterday • 3 views

EUVD-2026-36962

Unauthenticated Broken Access Control in AWP Classifieds = 4.4.4 versions...

CVSS: 7.5 | AI score: 5.1
Exploits: 0 | References: 2

Total number of security vulnerabilities: 412516