
412627 matches found

EUVD | added 1 hour ago | 2 views

EUVD-2024-55624

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...

CVSS 7 | AI score 5.2 | Exploits 0 | References 1

EUVD | added 2 hours ago | 2 views

EUVD-2026-37130

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVSS 7.8 | AI score 5.5 | Exploits 0 | References 3

EUVD | added 2 hours ago | 2 views

EUVD-2026-37129

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8 | AI score 5.3 | Exploits 0 | References 3

EUVD | added 2 hours ago | 2 views

EUVD-2024-55623

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser...

CVSS 5.4 | AI score 5.5 | Exploits 0 | References 1

EUVD | added 2 hours ago | 1 view

EUVD-2026-37128

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

CVSS 8.6 | AI score 5.4 | Exploits 0 | References 3

EUVD | added 2 hours ago | 2 views

EUVD-2026-37127

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

CVSS 8.8 | AI score 5.5 | Exploits 0 | References 6

EUVD | added 2 hours ago | 2 views

EUVD-2024-55622

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

CVSS 8.8 | AI score 5.8 | Exploits 0 | References 1

EUVD | added 3 hours ago | 2 views

EUVD-2026-37126

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

CVSS 9.3 | AI score 5.4 | Exploits 0 | References 3

EUVD | added 3 hours ago | 2 views

EUVD-2026-37125

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3 | AI score 5.4 | Exploits 0 | References 3

EUVD | added 3 hours ago | 2 views

EUVD-2024-55621

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious executable, leading to arbitrary code execution...

CVSS 6.7 | AI score 5.7 | Exploits 0 | References 1

EUVD | added 3 hours ago | 8 views

EUVD-2026-37124

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVSS 7.5 | AI score 6.3 | Exploits 0 | References 2

EUVD | added 3 hours ago | 6 views

EUVD-2026-35675

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability...

CVSS 6.2 | AI score 5.1 | EPSS 0.00301 | Exploits 0 | References 4

EUVD | added 3 hours ago | 3 views

EUVD-2026-37123

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...

CVSS 7.7 | AI score 5.2 | EPSS 0.0003 | Exploits 0 | References 2

EUVD | added 4 hours ago | 5 views

EUVD-2026-37122

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

CVSS 8.8 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 4 hours ago | 7 views

EUVD-2026-37121

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

CVSS 8.7 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 4 hours ago | 4 views

EUVD-2026-37120

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...

CVSS 8.2 | AI score 5.3 | EPSS 0.00039 | Exploits 0 | References 2

EUVD | added 4 hours ago | 4 views

EUVD-2024-55620

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL, leading to arbitrary code execution...

CVSS 6.7 | AI score 5.7 | Exploits 0 | References 1

EUVD | added 4 hours ago | 5 views

EUVD-2025-210169

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

CVSS 8.3 | AI score 5.5 | Exploits 0 | References 1

EUVD | added 4 hours ago | 5 views

EUVD-2025-210168

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...

CVSS 9.2 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 4 hours ago | 6 views

EUVD-2026-36428

Nuxt: Reflected XSS in via unsanitised javascript: or data: URL...

CVSS 5.4 | AI score 5.1 | EPSS 0.00198 | Exploits 0 | References 4

EUVD | added 4 hours ago | 6 views

EUVD-2026-36427

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher...

CVSS 8.8 | AI score 5.2 | EPSS 0.00294 | Exploits 0 | References 4

EUVD | added 4 hours ago | 6 views

EUVD-2026-37119

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

CVSS 6.9 | AI score 5.4 | Exploits 0 | References 1

EUVD | added 4 hours ago | 9 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

CVSS 6.9 | AI score 5.1 | EPSS 0.00129 | Exploits 0 | References 4

EUVD | added 4 hours ago | 6 views

EUVD-2026-37118

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

CVSS 6.3 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 4 hours ago | 4 views

EUVD-2025-210167

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows an attacker to abuse the exposed Connection IDs visible on the web interface to perform denial-of-service attacks, resulting in...

CVSS 8.7 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 4 hours ago | 4 views

EUVD-2026-37117

Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...

CVSS 4.2 | AI score 5.4 | Exploits 0 | References 2

EUVD | added 4 hours ago | 4 views

EUVD-2026-37116

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

CVSS 4.8 | AI score 5.6 | Exploits 0 | References 2

EUVD | added 5 hours ago | 6 views

EUVD-2026-37115

subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...

CVSS 5.9 | AI score 5.6 | Exploits 0 | References 2

EUVD | added 5 hours ago | 4 views

EUVD-2026-37114

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

CVSS 5.9 | AI score 5.4 | Exploits 0 | References 2

EUVD | added 5 hours ago | 5 views

EUVD-2026-37113

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

CVSS 3.7 | AI score 5.4 | Exploits 0 | References 2

EUVD | added 5 hours ago | 7 views

EUVD-2026-37112

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault MNRF. A program download is required to...

CVSS 8.7 | AI score 5.3 | Exploits 0 | References 1

EUVD | added 6 hours ago | 3 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

CVSS 4.3 | AI score 5.4 | Exploits 0 | References 2

EUVD | added 6 hours ago | 5 views

EUVD-2026-37077

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

CVSS 6.5 | AI score 5.2 | Exploits 0 | References 2

EUVD | added 6 hours ago | 5 views

EUVD-2026-37076

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

CVSS 5.4 | AI score 5.2 | Exploits 0 | References 4

EUVD | added 6 hours ago | 4 views

EUVD-2026-37075

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...

CVSS 5.3 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 6 views

EUVD-2026-37074

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVSS 8.1 | AI score 5.8 | Exploits 0 | References 6

EUVD | added 6 hours ago | 3 views

EUVD-2026-37073

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

CVSS 7.3 | AI score 5.8 | Exploits 0 | References 5

EUVD | added 6 hours ago | 5 views

EUVD-2026-37072

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 7.3 | AI score 5.8 | Exploits 0 | References 5

EUVD | added 6 hours ago | 5 views

EUVD-2026-37071

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

CVSS 6.5 | AI score 5.2 | Exploits 0 | References 6

EUVD | added 6 hours ago | 4 views

EUVD-2026-37070

Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

CVSS 7.3 | AI score 5.2 | Exploits 0 | References 5

EUVD | added 6 hours ago | 5 views

EUVD-2026-37069

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 5 views

EUVD-2026-37068

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 5 views

EUVD-2026-37067

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 4 views

EUVD-2026-37111

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 4.3 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 3 views

EUVD-2026-37110

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 6.5 | AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 4 views

EUVD-2026-37109

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 5 views

EUVD-2026-37108

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 3 views

EUVD-2026-37107

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

AI score 5.2 | Exploits 0 | References 3

EUVD | added 6 hours ago | 6 views

EUVD-2026-37106

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

AI score 5.2 | Exploits 0 | References 5

EUVD | added 6 hours ago | 5 views

EUVD-2026-37105

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

AI score 5.2 | Exploits 0 | References 5

Total number of security vulnerabilities: 412627