CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-11675
Low

An out of bounds read in Skia in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

CVE-2026-47344
Low

When the ALLOW_INSECURE_RAW_TEXT option is enabled, whitespace-variant closing tags (e.g., </style >) are not recognized by the sanitizer but accepted by browsers as valid end tags. This allows bypassing the XSS prevention mechanism in typo3/html-sanitizer before version 2.3.2.

CVE-2026-11555
Low

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006, affecting unknown processing of the file /etc/boa.conf in the web interface. Such manipulation leads to least privilege violation.

CVE-2026-11534
Low

A vulnerability was detected in the imvks786 student management system that allows for cross-site scripting (XSS) attacks through argument manipulation in the /add.php file. The attack can be executed remotely, and the exploit is now publicly available.

CVE-2026-49756
Low

The CRLF Injection vulnerability in the wojtekmach Req library allows multipart parameter smuggling via maliciously modified part metadata. The issue arises from improper neutralization of CRLF sequences in headers built from user-supplied data.

CVE-2026-48488
Low

phpMyFAQ is an open source FAQ web application. In versions prior to 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm vulnerable to collision attacks.

CVE-2026-11520
Low

A weakness has been identified in SourceCodester Inventory System 1.0. The issue affects some unknown functionality of the file header.php, leading to cross-site scripting (XSS) attacks.

CVE-2026-11511
Low

A weakness has been identified in Bolt CMS up to version 3.7.5, affecting unknown code in the file src/Storage/Field/Type/TextType.php. Manipulating the argument style can lead to HTML injection.

CVE-2026-11502
Low

A weakness has been identified in JeecgBoot up to version 3.9.2, concerning the HttpServletResponse.sendRedirect function in the ThirdLoginController. Manipulation of the state argument leads to open redirect, which can be initiated remotely.

CVE-2026-11491
Low

A vulnerability was identified in CodeAstro Human Resource Management System 1.0, affecting an unknown function of the file /notice/All_notice in the Notice Board Management component. Manipulating the Notice Title argument with malicious SVG code leads to cross-site scripting (XSS) attacks.

CVE-2026-11481
Low

A vulnerability was identified in the PostgresStore.LookupByContentHash function in versions up to 0.35.0 of the Postgres Embedding Cache component. Manipulating the content_hash argument can lead to the use of weak hash.

CVE-2026-11478
Low

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb, affecting the function matchstar of the file re.c of the Pattern Handler component. This vulnerability leads to inefficient regular expression complexity.

CVE-2026-11468
Low

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0, allowing cross-site scripting (XSS) attacks through manipulation of the 'room' argument in the /admin/?page=room_types file.

CVE-2026-11465
Low

A security flaw has been discovered in songquanpeng one-api up to version 0.6.11-preview.7, affecting the Redeem function in the file model/redemption.go. Manipulation of this function results in business logic errors.

CVE-2026-11464
Low

A vulnerability was identified in JeecgBoot up to version 3.9.2, concerning the queryPageList function in the SysUserController.java file. Manipulation of the salt argument leads to information disclosure.

CVE-2026-11459
Low

A vulnerability has been detected in SecureAge CatchPulse up to version 10.9.3, affecting an unknown function in the library saappctl.sys of the IOCTL Handler component. Manipulation of this function leads to information disclosure.

CVE-2026-11434
Low

A weakness has been identified in FluentCMS 0.0.5, affecting an unknown function of the file /admin/blocks of the Blocks Plugin component. This manipulation leads to cross-site scripting attacks.

CVE-2025-12656
Low

The WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function. This affects all versions up to and including 0.9.128.

CVE-2026-11338
Low

A cross site scripting (XSS) vulnerability has been identified in SourceCodester Ship Ferry Ticket Reservation System version 1.0 in the user management function. Manipulating the 'Username' argument allows for remote exploitation.

CVE-2026-48102
Low

7-Zip versions 9.11 through 26.00 contain a heap out-of-bounds read vulnerability in the UDF file identifier descriptor parser. The issue occurs when processing UDF images, potentially leading to information disclosure and application crashes.

PreviousPage 12 of 60Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS