CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The MainWP plugin for WordPress versions 6.1.1 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to functions intended for administrators.
The Business Directory plugin version 6.4.22 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
An unauthenticated Cross Site Scripting (XSS) vulnerability exists in BEAR versions 1.1.8 and earlier. It allows a remote attacker to inject malicious JavaScript code into the page without requiring authentication.
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full remote code execution (RCE).
phpUploader before version 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
The Home Assistant iOS companion app ignores the SSID allowlist for internal networks. When no other URL is found, it falls back to the internal URL, potentially exposing the user's token on an unsecured network.
A vulnerability in Claude Code (versions 2.1.38 through 2.1.163) allows worktree manipulation attacks, including creating worktrees named ".git" and navigating outside the sandbox. An attacker can overwrite files in the user's home directory (e.g., .zshenv), leading to code execution outside seatbelt sandbox restrictions.
The Helix3 plugin for Joomla! exposes an AJAX handler task that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters.
Claude Code versions 2.1.59 through 2.1.128 write responses from the /copy command to /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file is created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which may contain secrets or credentials.
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patientchangepassword.php file. By manipulating the newpassword argument, an attacker can remotely execute unauthorized database queries. The exploit has been made public, increasing the risk of attacks.
A SQL injection vulnerability has been discovered in itsourcecode Hospital Management System 1.0 in the /patientdetail.php file. An attacker can remotely manipulate the editid argument, leading to SQL injection. The exploit has been publicly released.
A vulnerability was found in LLVM up to version 22.1.6 in the GCRelocateInst::getBasePtr function within IntrinsicInst.cpp, which handles Bitcode files. Manipulation of input data can cause a heap-based buffer overflow. The attack requires local access, and the exploit has been publicly disclosed, although LLVM authors question whether this is a genuine security vulnerability.
A stack-based buffer overflow vulnerability exists in the LLVM library in the llvm::StringMap::insert function within ValueSymbolTable.cpp. The issue affects versions up to 22.1.6 and requires local access to exploit.
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /insertbillingrecord.php. An attacker can remotely manipulate the patientid argument, leading to SQL injection. The exploit has been publicly disclosed.
A vulnerability has been found in SourceCodester Simple Food Ordering System 1.0 in the file /cart.php. Manipulation of the item_price argument can lead to business logic errors. The attack can be performed remotely and the exploit has been published.
A vulnerability in HCL DevOps Deploy / HCL Launch allows exposure of sensitive information in output logs. An attacker with access to the logs could potentially obtain sensitive values related to that step.
A vulnerability in the getfattr and setfattr utilities before version 2.6.0 allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files, leading to local privilege escalation when these tools are invoked by a privileged process over an attacker-controlled path.
A TOCTOU race condition vulnerability was found in the ACL library before version 2.4.0, allowing local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(), chmod(), acl_get_file(), and acl_set_file(). Attackers who control a pathname component can redirect file access control list operations to arbitrary files when getfacl, setfacl, or chacl is invoked by a privileged process over an attacker-controlled path, resulting in local privilege escalation.
A symlink traversal vulnerability was found in the libacl library before version 2.4.0 in pathname-based functions. A local attacker can replace any pathname component with a symbolic link, leading to privilege escalation by manipulating access control lists.
FrontAccounting before version 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing parenthesis followed by malicious conditions to extract sensitive journal entry data through boolean-based blind SQL injection with reliable response size differentials.

