CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In Snowflake CLI versions prior to 3.19, sensitive credentials (passwords, tokens, private keys) were written in plaintext to local debug log files. An attacker with read access to these logs could steal authentication data.
A vulnerability in Snowflake CLI prior to version 3.19 allows arbitrary code execution due to improper neutralization in the Snowpark annotation processor callback template. An attacker can supply crafted project content that is interpolated into generated Python code, causing the CLI to execute attacker-controlled code in the local user context.
A vulnerability in Snowflake CLI prior to version 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary.
Snowflake CLI versions prior to 3.19 contain a vulnerability due to improper neutralization of local CLI parameters, allowing unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing unintended SQL execution in the context of the user's Snowflake session.
A vulnerability in Snowflake CLI prior to version 3.19 allowed unintended SQL execution by supplying crafted repository, project configuration, manifest data, or specification input. An attacker could execute arbitrary SQL in the context of the victim's Snowflake session.
A vulnerability in Honeywell IQ MultiAccess (versions up to and including 28) stems from improper digital signature verification. It allows an attacker to replace a downloaded file with a malicious one.
In PcapPlusPlus 25.05, the function parse_by_block_type in light_pcapng.c is vulnerable to a heap-based buffer overflow. An attacker can remotely exploit this by manipulating the captured_packet_length argument, though the attack complexity is high and exploitation is difficult.
A buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formUSBFolder function of the /goform/formUSBFolder file. Manipulation of the ShareName/SelectName arguments in a POST request can cause a buffer overflow, enabling remote attack. The exploit has been publicly disclosed and may be used.
A buffer overflow vulnerability has been found in Edimax EW-7478APC version 1.04 in the formUSBAccount function of the /goform/formUSBAccount file. An attacker can remotely manipulate the UserName/Password arguments, causing a buffer overflow. The exploit has been published and may be used.
A vulnerability was found in Edimax EW-7478APC 1.04, involving OS command injection in the formStaDrvSetup function via the rootAPmac argument. The attack is remotely exploitable and the exploit is publicly available.
A buffer overflow vulnerability has been detected in the Edimax EW-7478APC version 1.04 in the formQoS function of the /goform/formQoS file. An attacker can remotely manipulate the selSSID argument, leading to a buffer overflow. The exploit has been publicly disclosed and may be used.
In Devolutions PowerShell Universal 2026.2.0, a vulnerability was found involving the insertion of sensitive information into sent data in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable authentication tokens with potentially higher privileges, which are serialized in plaintext in job API responses.
CVE-2026-57525 has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.
This CVE has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.
The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.
The Japanized For WooCommerce plugin version 2.9.12 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
The Business Directory plugin version 6.4.23 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
The ARForms plugin version 7.1.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Landing Page Builder plugin version 1.5.3.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without requiring authentication.
The Jobify plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

