CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
There is a vulnerability in Learnify versions up to 1.15.0 that allows unauthenticated local file inclusion.
Versions of Sonaar up to 4.27.4 contain a vulnerability that allows subscriber privilege escalation.
Versions of Sonaar <= 4.27.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated local file inclusion vulnerability in HomeRoofer versions <= 2.11.0.
There is an unauthenticated local file inclusion vulnerability in Joly versions up to 1.22.0.
Neuronet versions below 1.14.0 contain a vulnerability for unauthenticated local file inclusion.
Versions of Geya <= 1.15 are vulnerable to unauthenticated local file inclusion, which may lead to the disclosure of sensitive information.
WordPress versions up to 3.0.2 have a vulnerability that allows unauthenticated arbitrary file download in the Premium Age Verification / Restriction plugin.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.
In CarrierConfigLoader.java's overrideConfig, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2025-31013 describes an improper neutralization of input during web page generation in Themify Folo, leading to a Reflected XSS vulnerability.
Versions of my flatonica <= 0.0.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the user's context.
Missing Authorization in Prince Integrate Google Drive allows exploiting incorrectly configured access control security levels.
A 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows improper limitation of a pathname to a restricted directory.
Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite, affecting the component: Internal Operations. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to system takeover.
Vulnerability in the Oracle VM VirtualBox product (component: Core) in version 7.2.8, which can be exploited by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. This allows for takeover of Oracle VM VirtualBox.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite, affecting the Internal Operations component. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to take control of the system. Affects versions 12.2.3-12.2.15.

