CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
There is an unauthenticated local file inclusion vulnerability in MaxiNet versions <= 1.2.10.
There is an unauthenticated local file inclusion vulnerability in Nexio versions <= 1.10.0.
There is an unauthenticated local file inclusion vulnerability in Planty versions <= 1.14.0.
There is an unauthenticated local file inclusion vulnerability in AirSupply versions <= 2.0.0.
There is an unauthenticated local file inclusion vulnerability in Raider Spirit <= 1.1.2 versions.
There is an unauthenticated local file inclusion vulnerability in Rosaleen versions <= 2.8.
Versions of Modernee <= 1.6.0 are vulnerable to unauthenticated local file inclusion.
Versions of Qreatix <= 1.9.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the context of the victim's browser.
In Brikk versions up to 3.0.0, there is a vulnerability that allows subscribers to delete arbitrary content.
In WPBot Pro, versions up to 13.6.5, there is a vulnerability allowing subscribers to delete arbitrary files.
There is a vulnerability in Learnify versions up to 1.15.0 that allows unauthenticated local file inclusion.
Versions of Sonaar up to 4.27.4 contain a vulnerability that allows subscriber privilege escalation.
Versions of Sonaar <= 4.27.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated local file inclusion vulnerability in HomeRoofer versions <= 2.11.0.
There is an unauthenticated local file inclusion vulnerability in Joly versions up to 1.22.0.
Neuronet versions below 1.14.0 contain a vulnerability for unauthenticated local file inclusion.
Versions of Geya <= 1.15 are vulnerable to unauthenticated local file inclusion, which may lead to the disclosure of sensitive information.
WordPress versions up to 3.0.2 have a vulnerability that allows unauthenticated arbitrary file download in the Premium Age Verification / Restriction plugin.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.

