CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-12444
Medium

An out of bounds read in Chromoting in Google Chrome on Windows prior to version 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file.

CVE-2026-12115
Medium

The Counter Box – Add Countdowns, Timers & Dynamic Counters plugin for WordPress is vulnerable to PHP Object Injection in versions up to and including 2.0.13 via deserialization of untrusted input. This allows authenticated attackers with administrator-level access to inject a PHP Object.

CVE-2026-11975
Medium

In SimplCommerce prior to commit 6142d3b5, there is a stored XSS vulnerability in NewsItemApiController. This allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization.

CVE-2026-10839
Medium

An open redirection vulnerability in the authentication system allows an attacker to manipulate values in the X-Forwarded-Host header, potentially altering URLs generated by the application.

CVE-2026-10837
Medium

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker.

CVE-2026-10836
Medium

Improper handling of HTTP headers allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses.

CVE-2026-0064
Medium

There is a possible persistent denial of service due to resource exhaustion in multiple places. This could lead to local denial of service with no additional execution privileges needed.

CVE-2025-69137
Medium

There is a broken access control issue in Genemy versions <= 1.6.6 that may allow unauthorized subscribers to access resources.

CVE-2025-59872
Medium

HCL ZIE for Web is affected by an unrestricted file upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution by uploading a web shell.

CVE-2025-48571
Medium

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2025-15642
Medium

A vulnerability has been identified in the Netskope Client for Windows that allows a malicious insider with admin privileges to bypass NSClient Tamper protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys.

CVE-2025-15641
Medium

A vulnerability has been identified in the Netskope Client for Windows systems that allows a malicious insider with administrative privileges to tamper with the client IOCTL by sending crafted requests to the driver. A successful exploit can lead to bypassing all anti-tampering protections for NSClient.

CVE-2024-37496
Medium

Metro Magazine by Rara Themes has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2024-37210
Medium

AliNext has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 3.3.5.

CVE-2024-35690
Medium

CVE-2024-35690 describes a vulnerability where sensitive information can be inserted into sent data in MarketingFire Widget Options, allowing retrieval of embedded sensitive data.

CVE-2024-35648
Medium

CSRF vulnerability in Andy Moyle's Emergency Password Reset allows Cross-Site Request Forgery. This issue affects versions from n/a through 8.0.

CVE-2024-34810
Medium

CVE-2024-34810 describes a Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP, allowing for CSRF attacks. This affects Skyline WP versions from n/a through 1.0.10.

CVE-2024-33909
Medium

A missing authorization vulnerability in Avirtum iPages Flipbook allows exploiting incorrectly configured access control security levels.

CVE-2024-33685
Medium

Startupzy has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2024-31435
Medium

Inisev Social Media & Share Icons has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

PreviousPage 108 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS