CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
The WordPress Ultimate Product Catalog plugin version 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality.
The Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
The BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input.
The WordPress Booking Calendar Contact Form plugin version 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries.
The WordPress Booking Calendar Contact Form plugin version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.
WordPress CP Polls version 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers, enabling arbitrary JavaScript execution in the browsers of users viewing the affected content.
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. This allows an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application.
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable.
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages, allowing access to restricted functions in other branches.
The Wertheim SafeController Family 65000, AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in a man-in-the-middle position can decrypt the data traffic.
The Wertheim SafeController 5400 (AssemblyVersion 6.11.8130.22320) uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path can sniff and replay RS-485 messages.
The application executing the JavaScript script embedded in the PDF within the sandbox fails to intercept some dangerous interfaces, allowing remote scripts to be loaded and resulting in arbitrary code execution.
Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges using a specially crafted driver.
Quick.CMS deserializes user-controlled data sent over unprotected HTTP, allowing attackers to tamper with data and inject malicious objects. Due to insufficient validation, arbitrary code execution can occur on the server.
A vulnerability was found in Yealink SIP-T46U version 108.86.0.118 in the mod_webd.BlueToothTest function in the file /api/inner/bttest of the Web FastCGI Service. Manipulation of the btMac, pin, or reserved arguments can lead to a stack-based buffer overflow. The attack requires local network access and the exploit has been publicly disclosed.
A stack-based buffer overflow vulnerability was found in Yealink SIP-T46U firmware version 108.86.0.118. The issue occurs in the sprintf function within the /api/upgrade/upgrade file when processing uid and start_offset arguments in the Firmware Chunk Upload Handler component. The attack requires local network access and the exploit has been made public.
A stack-based buffer overflow vulnerability has been found in Yealink SIP-T46U firmware version 108.86.0.118. The issue affects the mod_upgrade.SparePartsUpload function in the /api/upgrade/accupgradebychunk file, where manipulation of the uid argument can cause a buffer overflow. The attack requires local network access and exploit details have been publicly disclosed.
A stack-based buffer overflow vulnerability was found in Yealink SIP-T46U version 108.87.50.1. It affects the StartReportInformation function in the /api/inner/beforewifitest file of the Web FastCGI service. Manipulating the port argument causes the overflow.
A vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5, affecting an unknown function in the dvdfabio.sys library of the Signed Kernel Driver component. Manipulation leads to improper privilege management.

