CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in Advantech's Hospital Queuing Management allows unauthenticated remote attackers to access API documentation via a specific URL, leading to sensitive data exposure.
DBIx::QuickORM before version 0.000026 for Perl is vulnerable to SQL injection via unquoted SQL identifiers. The default SQL builder does not set quote_char, causing identifiers to be emitted verbatim into SQL queries.
The EventON plugin for WordPress up to version 5.0.11 is vulnerable to SQL injection via the 'search' parameter. Insufficient escaping and lack of query preparation allow unauthenticated attackers to append additional SQL queries, enabling extraction of sensitive database information if the 'Enable additional search queries' setting is enabled and at least one published event exists.
Raytha CMS is vulnerable to SQL Injection in the OData filter parsing pipeline. This allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to full database compromise, including credential extraction.
Delta Electronics DVP12SE PLC exposes a Modbus TCP service without authentication or access control, allowing unauthenticated attackers to interact with security-sensitive PLC functions.
Delta Electronics DVP12SE PLCs are vulnerable to an unlimited resource allocation attack in their Modbus TCP service. The lack of limits or throttling can lead to resource exhaustion.
The ProfileGrid plugin for WordPress up to version 5.9.9.5 contains a privilege escalation vulnerability via account takeover. Lack of validation of the `user_login` parameter in registration forms and improper error handling allow unauthenticated attackers to change the email address of the user account with ID=1 (typically an administrator), then reset the password and gain access.
An Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat causes special roles and empty authorization constraints to be omitted when the effective web.xml is logged. Affected versions include 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.0.M1 through 9.0.118, and 8.5.0 through 8.5.100.
A vulnerability was found in Apache Tomcat where a detection of error condition without action occurs when configuring CRLs for a FFM based connector. Affected versions are from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, and from 9.0.83 through 9.0.118.
Coolify prior to version 4.0.0-beta.474 has a vulnerability where Livewire web UI components accept server_id and destination_uuid from URL query parameters without team ownership validation. This allows cross-team resource deployment on servers belonging to other teams.
A vulnerability in Apple systems allows an app to cause unexpected system termination or corrupt kernel memory. The issue was addressed with improved input validation.
A vulnerability in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component. The issue stems from insufficient input validation or code injection protection.
Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue only impacts HTTP/2 ALB target groups.
Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected.
A vulnerability in Gorse before version 0.5.10 allows authentication bypass in the /api/dump and /api/restore endpoints. Unauthenticated attackers can exfiltrate the entire database containing personally identifiable information or completely overwrite the dataset.
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. By supplying path parameters with directory traversal sequences (../), an attacker can bypass configured path restrictions and access unauthorized endpoints on the same target host.
The Performer Arbitrary File Deletion vulnerability in Paid Videochat Turnkey Site versions up to 7.4.8 allows an attacker to delete arbitrary files on the server. This flaw can be exploited to remove critical system or application files.
The JoomCCK extension for Joomla exposes a front-end controller task that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterization.
A vulnerability in Gitea act_runner with Docker backend (up to act 0.262.0) allows bypassing privileged mode restrictions. By passing container options like --pid=host, --cap-add, and --security-opt, a user can access host namespaces and escalate privileges to root.
The Invoice Generator plugin for WordPress up to version 1.0.0 contains a privilege escalation vulnerability. Missing capability checks in the pravel_invoice_edit_account() AJAX action allow unauthenticated attackers to change the email address of any user, including administrators, and then use the password reset flow to take over the account.

