#euvd – Public Fediverse posts
Live and recent posts from across the Fediverse tagged #euvd, aggregated by home.social.
-
EUVD-2026-28261
Score: 7.5/10 (CVSS v3.1)
Product: nocobase
Vendor: nocobase
Updated: 2026-05-07
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with st...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28261
-
EUVD-2026-28318
Score: 7.2/10 (CVSS v3.1)
Product: nocobase
Vendor: nocobase
Updated: 2026-05-07
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is appli...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28318
-
EUVD-2026-28310
Score: 8.8/10 (CVSS v3.1)
Product: mathjs
Vendor: josdejong
Updated: 2026-05-07
Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28310
-
EUVD-2026-28316
Score: 9.3/10 (CVSS v3.1)
Product: fabric
Vendor: Hyperledger
Updated: 2026-05-07
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call Obj...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28316
-
EUVD-2026-28342
Score: 6.9/10 (CVSS v3.1)
Product: Cryptobox
Vendor: Ercom
Updated: 2026-05-07
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28342
-
EUVD-2026-28338
Score: 6.5/10 (CVSS v3.1)
Product: Royal Elementor Addons
Vendor: wproyal
Updated: 2026-05-07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.
This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28338
-
EUVD-2026-28340
Score: 4.7/10 (CVSS v3.1)
Product: ZXCLOUD iRAI
Vendor: ZTE
Updated: 2026-05-07
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28340
-
EUVD-2026-28334
Score: 5.3/10 (CVSS v3.1)
Product: YITH WooCommerce Wishlist
Vendor: YITH
Updated: 2026-05-07
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28334
-
EUVD-2026-28336
Score: 5.3/10 (CVSS v3.1)
Product: PDF Poster
Vendor: bPlugins
Updated: 2026-05-07
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PDF Poster: from n/a through 2.4.1.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28336
-
EUVD-2026-28330
Score: 5.3/10 (CVSS v3.1)
Product: Royal Elementor Addons
Vendor: wproyal
Updated: 2026-05-07
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28330
-
EUVD-2026-28332
Score: 5.3/10 (CVSS v3.1)
Product: Happy Addons for Elementor
Vendor: wedevs
Updated: 2026-05-07
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.
This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28332
-
EUVD-2025-209718
Score: 5.4/10 (CVSS v3.1)
Product: WPGraphQL
Vendor: WPGraphQL
Updated: 2026-05-07
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.
This issue affects WPGraphQL: from n/a through 2.5.3.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209718
-
EUVD-2025-209716
Score: 7.6/10 (CVSS v3.1)
Product: Team Member
Vendor: wpmart
Updated: 2026-05-07
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection.
This issue affects Team Member: from n/a through 8.5.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209716
-
EUVD-2025-209714
Score: 5.3/10 (CVSS v3.1)
Product: Bus Ticket Booking with Seat Reservation
Vendor: Magepeople inc.
Updated: 2026-05-07
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Bus Ticket Booking with Se...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209714
-
EUVD-2025-209712
Score: 5.9/10 (CVSS v3.1)
Product: WEN Logo Slider
Vendor: WEN Themes
Updated: 2026-05-07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS.
This issue affects WEN Logo Slider: from n/a through 3.4.0.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209712
-
EUVD-2024-55567
Score: 8.0/10 (CVSS v3.1)
Product: FL MGUARD DELTA TX/TX, TC MGUARD RS2000 4G VPN, FL MGUARD CORE TX (+33 more)
Vendor: PHOENIX CONTACT
Updated: 2026-05-07
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-55567
-
EUVD-2026-28329
Score: 5.7/10 (CVSS v3.1)
Product: ZXCLOUD iRAI
Vendor: ZTE
Updated: 2026-05-07
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption. contains a DLL hija...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28329
-
EUVD-2025-209708
Score: 8.1/10 (CVSS v3.1)
Product: Hitachi Virtual Storage Platform One Block 26, Hitachi Virtual Storage Platform One Block 24, Hitachi Virtual Storage Platform One Block 28 (+1 more)
Vendor: Hitachi
Updated: 2026-05-07
OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209708
-
EUVD-2026-28327
Score: 5.4/10 (CVSS v3.1)
Product: libreoffice
Vendor: The Document Foundation
Updated: 2026-05-07
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28327
-
EUVD-2026-28326
Score: 7.1/10 (CVSS v3.1)
Product: MongoDB Server
Vendor: MongoDB Inc.
Updated: 2026-05-07
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28326
-
EUVD-2026-28315
Score: 5.0/10 (CVSS v3.1)
Product: istio
Vendor: istio
Updated: 2026-05-07
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28315
-
EUVD-2026-28319
Score: 7.5/10 (CVSS v3.1)
Product: BetterDocs Pro
Vendor: betterdocs
Updated: 2026-05-07
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is due to the `limit` POST parameter being interpolate...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28319
-
EUVD-2026-28321
Score: 8.8/10 (CVSS v3.1)
Product: Slider Revolution
Vendor: Revolution Slider
Updated: 2026-05-07
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possib...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28321
-
EUVD-2026-28323
Score: 8.1/10 (CVSS v3.1)
Product: WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance
Vendor: davidanderson
Updated: 2026-05-07
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion du...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28323
-
EUVD-2026-28312
Score: 8.8/10 (CVSS v3.1)
Product: yeswiki
Vendor: YesWiki
Updated: 2026-05-07
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated d...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28312
-
EUVD-2026-28304
Score: 3.7/10 (CVSS v3.1)
Product: Tor
Vendor: torproject
Updated: 2026-05-07
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28304
-
EUVD-2026-28308
Score: 6.5/10 (CVSS v3.1)
Product: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Vendor: wpmudev
Updated: 2026-05-07
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cl...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28308
-
EUVD-2026-28306
Score: 3.7/10 (CVSS v3.1)
Product: Tor
Vendor: torproject
Updated: 2026-05-07
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28306
-
EUVD-2026-28302
Score: 3.7/10 (CVSS v3.1)
Product: Tor
Vendor: torproject
Updated: 2026-05-07
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28302
-
EUVD-2026-28298
Score: 8.8/10 (CVSS v3.1)
Product: OpenEXR
Vendor: AcademySoftwareFoundation
Updated: 2026-05-07
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to bef...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28298
-
EUVD Daily CVSS Summary
Average Score: 6.97/10 (Medium)
Vulnerabilities: 156
Min: 2.0 | Max: 10.0
Date: 2026-05-05
-
EUVD Daily CVSS Summary
Average Score: 7.07/10 (High)
Vulnerabilities: 159
Min: 2.3 | Max: 10.0
Date: 2026-05-04
-
EUVD Daily CVSS Summary
Average Score: 6.11/10 (Medium)
Vulnerabilities: 36
Min: 2.3 | Max: 8.7
Date: 2026-05-03
-
EUVD Weekly CVSS Summary
Average Score: 6.72/10 (Medium)
Vulnerabilities: 809
Min: -1.0 | Max: 10.0
Period: 2026-04-26 - 2026-05-02
-
EUVD Daily CVSS Summary
Average Score: 6.64/10 (Medium)
Vulnerabilities: 75
Min: 4.3 | Max: 9.8
Date: 2026-05-02