Lucene search
K

418680 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42839

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42838

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42837

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42836

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42835

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42834

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42833

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42832

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS
Exploits0References3
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-42830

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

6AI score
Exploits0References1
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-42829

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

6AI score
Exploits0References1
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-42828

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score
Exploits0References12
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-42827

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42826

Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information...

4.8CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42825

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42824

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42823

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42822

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...

6.8CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42821

Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...

5.1CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago2 views

EUVD-2026-42820

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42819

Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42818

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42817

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42816

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago2 views

EUVD-2026-42815

Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application...

5.8CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42814

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...

6.7CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42813

Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42812

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42811

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42810

Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings...

6.9CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-42809

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42808

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42806

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS6AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42807

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS6AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42805

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42804

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42802

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS6.3AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42800

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42801

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42799

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42798

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS6AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42795

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42796

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS6AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42794

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42793

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score
Exploits0References10
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42792

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score
Exploits0References4
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42791

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6AI score
Exploits0References2
Total number of security vulnerabilities418680