CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-13750
Medium

In Snowflake CLI versions prior to 3.19, sensitive credentials (passwords, tokens, private keys) were written in plaintext to local debug log files. An attacker with read access to these logs could steal authentication data.

CVE-2026-13749
High

A vulnerability in Snowflake CLI prior to version 3.19 allows arbitrary code execution due to improper neutralization in the Snowpark annotation processor callback template. An attacker can supply crafted project content that is interpolated into generated Python code, causing the CLI to execute attacker-controlled code in the local user context.

CVE-2026-13748
Medium

A vulnerability in Snowflake CLI prior to version 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary.

CVE-2026-13746
Low

Snowflake CLI versions prior to 3.19 contain a vulnerability due to improper neutralization of local CLI parameters, allowing unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing unintended SQL execution in the context of the user's Snowflake session.

CVE-2026-13744
High

A vulnerability in Snowflake CLI prior to version 3.19 allowed unintended SQL execution by supplying crafted repository, project configuration, manifest data, or specification input. An attacker could execute arbitrary SQL in the context of the victim's Snowflake session.

CVE-2026-13742
Medium

A vulnerability in Honeywell IQ MultiAccess (versions up to and including 28) stems from improper digital signature verification. It allows an attacker to replace a downloaded file with a malicious one.

CVE-2026-13587
Low

In PcapPlusPlus 25.05, the function parse_by_block_type in light_pcapng.c is vulnerable to a heap-based buffer overflow. An attacker can remotely exploit this by manipulating the captured_packet_length argument, though the attack complexity is high and exploitation is difficult.

CVE-2026-13583
High

A buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formUSBFolder function of the /goform/formUSBFolder file. Manipulation of the ShareName/SelectName arguments in a POST request can cause a buffer overflow, enabling remote attack. The exploit has been publicly disclosed and may be used.

CVE-2026-13582
High

A buffer overflow vulnerability has been found in Edimax EW-7478APC version 1.04 in the formUSBAccount function of the /goform/formUSBAccount file. An attacker can remotely manipulate the UserName/Password arguments, causing a buffer overflow. The exploit has been published and may be used.

CVE-2026-13581
MediumEPSS 63%

A vulnerability was found in Edimax EW-7478APC 1.04, involving OS command injection in the formStaDrvSetup function via the rootAPmac argument. The attack is remotely exploitable and the exploit is publicly available.

CVE-2026-13580
High

A buffer overflow vulnerability has been detected in the Edimax EW-7478APC version 1.04 in the formQoS function of the /goform/formQoS file. An attacker can remotely manipulate the selSSID argument, leading to a buffer overflow. The exploit has been publicly disclosed and may be used.

CVE-2026-13437
Medium

In Devolutions PowerShell Universal 2026.2.0, a vulnerability was found involving the insertion of sensitive information into sent data in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable authentication tokens with potentially higher privileges, which are serialized in plaintext in job API responses.

CVE-2026-57525
Unknown

CVE-2026-57525 has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.

CVE-2026-57523
Unknown

This CVE has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.

CVE-2026-57341
Medium

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.

CVE-2026-57340
Medium

The Japanized For WooCommerce plugin version 2.9.12 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-57339
Medium

The Business Directory plugin version 6.4.23 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-57338
High

The ARForms plugin version 7.1.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57337
High

The Landing Page Builder plugin version 1.5.3.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without requiring authentication.

CVE-2026-57336
High

The Jobify plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

PreviousPage 102 of 4484Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS