CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2025-69154
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the SpaLab Beauty Salon WordPress Theme version 6.7 and earlier. It allows a remote attacker to inject malicious JavaScript code without authentication.

CVE-2025-69153
High

The Trendy Travel plugin version 6.7 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2025-69152
High

The Artale | Wedding Photography WordPress plugin version 2.2.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2025-69134
High

The OpenAI Chatbot for WordPress – Helper plugin version 1.1.4 and earlier contains a vulnerability allowing unauthenticated attackers to delete arbitrary content. The flaw is due to missing authorization and input validation.

CVE-2025-69133
High

The Tourmaster plugin version 5.4.5 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by a subscriber. An authenticated user with the subscriber role can read arbitrary files on the server.

CVE-2025-69094
High

The Unicamp plugin version 2.2.2 and earlier contains a SQL injection vulnerability exploitable by subscribers. An attacker with subscriber privileges can inject malicious SQL queries, potentially leading to unauthorized database access.

CVE-2025-58902
High

An unauthenticated Local File Inclusion vulnerability exists in Lighthouse versions up to 1.2.12. It allows an attacker to read arbitrary files from the server without authentication.

CVE-2026-9834
HighEPSS 84%

The WP Database Backup plugin for WordPress up to version 7.11 is vulnerable to OS command injection via the `wp_db_exclude_table` parameter. An authenticated attacker with administrator privileges can inject malicious data that is directly concatenated into the `mysqldump` command without proper escaping, allowing arbitrary command execution on the server.

CVE-2026-8441
High

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter in the wprp_load_more_revs AJAX action. The unsanitized value is concatenated directly into an AND id NOT IN (...) clause, allowing unauthenticated attackers to extract database data.

CVE-2026-14336
High

The vulnerability in PIA uses a bare string-prefix check for the OIDC issuer allowlist instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer that passes the prefix check but points to a controlled server. This allows an unauthenticated caller of POST /v1/upload/sbom to force outbound HTTP(S) requests to an arbitrary host and accept a JWT signed with the attacker's key.

CVE-2026-13369
High

The Ninja Forms - File Uploads plugin for WordPress up to version 3.3.29 is vulnerable to Arbitrary File Read. The attach_files() function improperly handles a raw attacker-controlled 'files' array, bypassing upload validation, path normalization, and database record creation, allowing an unauthenticated attacker to read arbitrary files on the server.

CVE-2026-13251
HighEPSS 53%

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 2.6.4 via the 's' parameter. This allows unauthenticated attackers to read arbitrary files on the server, potentially exposing sensitive information.

CVE-2026-9563
High

In Eclipse Parsson before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications parsing attacker-controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, leading to a denial of service.

CVE-2026-8147
High

In MLflow versions prior to 3.14.0, when authentication is enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying traces on experiments they do not have permission to access. The issue arises from the `_before_request` handler, which does not register authorization validators for trace endpoints, resulting in requests proceeding without validation.

CVE-2026-33592
High

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size, allowing an arbitrarily large string (up to ~3.9 GB) to be declared and delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out.

CVE-2026-5821
High

The Image Optimizer plugin for WordPress versions up to 1.7.4 is vulnerable to arbitrary file deletion due to insufficient path validation in the Image_Backup::remove() function. Backup file paths stored in post meta are used directly in file deletion operations without verifying they are within the uploads directory. An authenticated attacker with Author-level access can inject arbitrary absolute file paths into the backups array via the Custom Fields interface, leading to file deletion when the attachment is deleted.

CVE-2026-14249
High

The Request a Quote plugin for WordPress up to version 2.5.5 is vulnerable to Code Injection via the emd_delete_file AJAX action. An unauthenticated attacker can invoke arbitrary zero-argument PHP functions, such as phpinfo(), by manipulating the $_POST['path'] parameter.

CVE-2026-57278
High

The GeoWebPlayer (Web Plugin/WS Player) addon for GeoVision software contains a buffer overflow vulnerability in the handler for the `connectionInfo` command. An attacker on localhost can send crafted JSON data that is copied into fixed-size buffers without length checks, causing overflow.

CVE-2026-57277
High

The GeoWebPlayer (Web Plugin/WS Player) addon for GeoVision software (GV-VMS, GV-Cloud) contains a buffer overflow vulnerability in the function handling the `connectionInfo` command. An attacker from localhost can send crafted JSON data that is copied into fixed-size buffers without length checking, causing overflow.

CVE-2026-57276
High

A buffer overflow vulnerability in GeoWebPlayer (Web Plugin) allows an attacker from localhost to execute code by sending a crafted WebSocket request with an overly long 'password' field. The handle_connection_info function copies data into fixed-size buffers without length checks, causing overflow.

PreviousPage 12 of 3314Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS