CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) in yelp-xsl. A malicious Flatpak app can open crafted help content via the OpenURI portal, and embedding untrusted CSS in SVG documents bypasses Flatpak's sandbox isolation. This allows Yelp to read local XML files and disclose arbitrary user-readable host files through remote CSS requests.
A cross-site scripting vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/mod_room/controller.php?action=add. Manipulation of the Name argument in a POST request allows remote injection of malicious scripts. The exploit is publicly available.
A cross-site scripting vulnerability was found in itsourcecode Online Hotel Management System 1.0. An unknown part of the file /admin/mod_users/controller.php?action=edit in the POST Request Handler component allows manipulation of the Name argument, leading to script execution. The attack can be performed remotely and the exploit has been publicly disclosed.
A SQL injection vulnerability was found in Online Hotel Management System 1.0 in the file /admin/mod_users/controller.php?action=add. Manipulation of the Name argument allows remote SQL injection. The exploit has been made public, increasing attack risk.
A cross-site scripting vulnerability was found in Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=add. Manipulation of the Name argument in a POST request allows remote script injection. The exploit has been disclosed.
A flaw in Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=add allows unrestricted file upload via the image argument. This can lead to remote code execution. The exploit has been published and may be used.
A SQL injection vulnerability was found in the Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=edit. An attacker can remotely manipulate the amen_id argument, leading to SQL injection. The exploit is publicly available.
Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function. An unauthenticated attacker can trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a specific fragment_length value.
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system, as the filename provided by the host is not properly sanitized before use.
An integer overflow vulnerability was found in spice-vdagent. A malicious or compromised SPICE host can send a crafted message, leading to a heap buffer overflow and crash of the spice-vdagent daemon, resulting in a Denial of Service (DoS) for the virtual machine.
The vulnerability in O+ Connect's IPC service stems from a lack of client authentication. External applications can escalate privileges and perform sensitive actions through the IPC channel.
A heap use-after-free vulnerability was found in the libblkid library of util-linux. During nested partition probing, a pointer to a parent partition entry becomes stale after array reallocation, allowing an attacker to read freed memory.
A SQL injection vulnerability has been found in itsourcecode Baptism Information Management System 1.0 in the /editBaptism.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly disclosed.
A SQL injection vulnerability has been found in itsourcecode Baptism Information Management System 1.0 in the file /delbaptism.php. An unknown function mishandles the ID argument, allowing remote exploitation. The exploit is publicly available and could be used in attacks.
A security flaw in CodeAstro Complaint Management System 1.0 allows remote authorization bypass via the deletereport function in Report.php. The exploit is publicly available.
A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the /doctortimings.php file. Remote attackers can manipulate the editid argument to inject SQL code. The exploit is publicly available.
A vulnerability was found in Hanwang e-Face General Management Platform 6.3.5.4, allowing unrestricted file upload. The issue affects the /manage/resourceUpload/upload.do endpoint, where manipulation of the File argument enables remote upload of arbitrary files. The exploit has been publicly disclosed and may be used.
A missing authentication vulnerability was found in Feehi CMS up to version 2.1.1 in the REST API endpoint /api/articles. The attack can be performed remotely without authentication, and exploit details are publicly available.
A vulnerability was found in D-Link DCS-935L camera firmware version 1.10.01, allowing OS command injection. The issue resides in the sub_400E40 function of the setconf.cgi file, where the UID argument is mishandled by the POST Parameter Handler component. The attack can be launched remotely, and exploit details are publicly available.
The F4 Post Tree WordPress plugin before version 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.

