Lucene search
K

418435 matches found

EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42588

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS
Exploits0References3
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42587

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42586

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42585

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS
Exploits0References6
EUVD
EUVD
added 2 hours ago1 views

EUVD-2026-42584

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42583

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42582

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42590

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS
Exploits0References8
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42589

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-42581

A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...

4.8CVSS5.5AI score
Exploits0References9
EUVD
EUVD
added 3 hours ago6 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score
Exploits0References10
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-42579

The WP Cost Estimation & Payment Forms Builder E&P Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 4 hours ago5 views

EUVD-2026-42578

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-42577

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42576

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42575

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98...

6.1CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42574

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42573

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-42572

Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42571

Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e...

6.1CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42570

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an...

7.5CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42569

A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit...

7.1CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score
Exploits0References10
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42568

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42565

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42566

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score
Exploits0References7
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42562

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42563

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42564

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score
Exploits0References13
EUVD
EUVD
added 5 hours ago6 views

EUVD-2026-42561

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS6AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago6 views

EUVD-2026-42560

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS6.2AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42559

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago7 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago6 views

EUVD-2026-42557

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

4.6CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago6 views

EUVD-2026-42556

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...

4.6CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42555

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago8 views

EUVD-2026-42554

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

9.3CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42553

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42551

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score
Exploits0References10
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42548

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57...

9.8CVSS6AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42547

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42546

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42544

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS6.2AI score
Exploits0References12
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-42545

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score
Exploits0References5
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42543

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score
Exploits0References10
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42542

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.7 via the 'wpuffilesdata' parameter due to missing validation on a user controll...

5.3CVSS6AI score
Exploits0References8
Total number of security vulnerabilities418435