CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-60085
High

There is a vulnerability in Learnify versions up to 1.15.0 that allows unauthenticated local file inclusion.

CVE-2025-59563
High

Versions of Sonaar up to 4.27.4 contain a vulnerability that allows subscriber privilege escalation.

CVE-2025-59560
High

Versions of Sonaar <= 4.27.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2025-58954
High

There is an unauthenticated local file inclusion vulnerability in HomeRoofer versions <= 2.11.0.

CVE-2025-58953
High

There is an unauthenticated local file inclusion vulnerability in Joly versions up to 1.22.0.

CVE-2025-58952
High

Neuronet versions below 1.14.0 contain a vulnerability for unauthenticated local file inclusion.

CVE-2025-58924
High

Versions of Geya <= 1.15 are vulnerable to unauthenticated local file inclusion, which may lead to the disclosure of sensitive information.

CVE-2025-49403
High

WordPress versions up to 3.0.2 have a vulnerability that allows unauthenticated arbitrary file download in the Premium Age Verification / Restriction plugin.

CVE-2025-48643
High

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-48640
High

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.

CVE-2025-48617
High

In CarrierConfigLoader.java's overrideConfig, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-31013
High

CVE-2025-31013 describes an improper neutralization of input during web page generation in Themify Folo, leading to a Reflected XSS vulnerability.

CVE-2024-49269
High

Versions of my flatonica <= 0.0.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the user's context.

CVE-2024-32949
High

Missing Authorization in Prince Integrate Google Drive allows exploiting incorrectly configured access control security levels.

CVE-2024-32729
High

A 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows improper limitation of a pathname to a restricted directory.

CVE-2026-48294
High

Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.

CVE-2026-46976
High

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite, affecting the component: Internal Operations. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to system takeover.

CVE-2026-46974
High

Vulnerability in the Oracle VM VirtualBox product (component: Core) in version 7.2.8, which can be exploited by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. This allows for takeover of Oracle VM VirtualBox.

CVE-2026-46973
High

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite, affecting the Internal Operations component. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries.

CVE-2026-46972
High

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to take control of the system. Affects versions 12.2.3-12.2.15.

PreviousPage 107 of 3319Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS