CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In SettingsLib, there is a logic error that may allow disabling system components. This could lead to local escalation of privilege without the need for additional execution privileges.
There is an unauthenticated local file inclusion vulnerability in Truemag versions <= 4.3.14.2.
There is a vulnerability in Roneous versions up to 2.1.5 that allows unauthenticated local file inclusion.
ITactics versions up to 1.0 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
Versions of Tipsy up to 1.1 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
There is an unauthenticated local file inclusion vulnerability in Resurs <= 1.3 versions.
There is an unauthenticated local file inclusion vulnerability in Orpheus versions <= 1.3.
There is an unauthenticated local file inclusion vulnerability in Spike versions <= 1.2.
Versions of Eros up to 1.3 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
There is an unauthenticated local file inclusion vulnerability in Choreo versions <= 1.6.
WineShop versions up to 3.17 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
There is a vulnerability in Grecko versions up to 5.17 that allows unauthenticated local file inclusion.
There is a vulnerability in Snowy versions up to 1.13 that allows unauthenticated local file inclusion.
Gita versions up to 1.11 are vulnerable to unauthenticated local file inclusion.
Versions of Printo up to 1.11 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
Versions of Grand Car Rental up to 3.7 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.
There is an unauthenticated local file inclusion vulnerability in Medeus versions <= 1.14.
There is an unauthenticated local file inclusion vulnerability in Top Dog versions <= 1.0.5.
There is an unauthenticated local file inclusion vulnerability in Quirky versions <= 1.23.
There is an unauthenticated local file inclusion vulnerability in Putter <= 1.17 versions.

