CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14330
Medium

Multiple unbounded alloca() calls in the PulseAudio protocol server can lead to stack overflow and potential arbitrary code execution.

CVE-2026-14324
Medium

The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().

CVE-2026-12374
Medium

A vulnerability in the PrivilegedHelperTool XPC service in Cato Client before version 5.13.1 on macOS is caused by improper certificate validation and a TOCTOU race condition. This allows a local authenticated attacker to escalate privileges to root using a self-signed certificate and a symlink swap during package installation.

CVE-2026-53909
Medium

MCO does not correctly validate uploaded file types, relying solely on client-side checks that can be bypassed. An authenticated, low-privileged attacker can upload arbitrary file types to the server. The vulnerability is confirmed in version 25.3.3.1 but may affect other versions.

CVE-2026-53908
Medium

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and email addresses.

CVE-2026-53907
Medium

Stored Cross‑Site Scripting (XSS) vulnerability in MCO allows an attacker with privileges to change the application logo to inject malicious JavaScript code by uploading a crafted SVG file. The code executes when the logo is rendered or opened.

CVE-2026-53906
Medium

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages.

CVE-2026-53905
Medium

The vulnerability in MCO is due to improper authorization enforcement in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated low-privileged user can retrieve administrator access control structures, potentially exposing sensitive permission mappings and internal configuration details.

CVE-2026-53904
Medium

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, and password resets are not limited. An attacker who provides victim's email and answer to their security question can successfully initiate the reset process and continuously invalidate credentials, effectively locking the victim out of their account.

CVE-2026-53903
Medium

An IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint allows unauthorized access to other users' trading documents. The lack of authorization validation enables document retrieval based on a user-supplied identifier, which can be easily guessed.

CVE-2026-13323
Medium

In Open VSX Registry before version 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without Content-Security-Policy or Content-Disposition: attachment headers. An unauthenticated attacker can register a publisher account, upload a VSIX with a crafted HTML payload, and trick an authenticated user into visiting the resulting URL.

CVE-2026-14258
Medium

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.

CVE-2026-10095
Medium

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in versions up to and including 9.1.13.005 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts.

CVE-2026-27435
Medium

Missing Authorization vulnerability in Woffice allows exploiting incorrectly configured access control security levels. This issue affects Woffice versions before 5.4.33.

CVE-2026-13454
Medium

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL injection via the 's' parameter in all versions up to and including 2.4.5 due to insufficient escaping and lack of query preparation. This allows authenticated attackers with custom-level access or higher to append additional SQL queries to existing ones.

CVE-2026-12754
Medium

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in all versions up to and including 1.8.12 due to insufficient input sanitization and output escaping.

CVE-2026-56016
Medium

The vulnerability in CGI::Session::ID::md5 for Perl before version 4.49 generates predictable session IDs from low-entropy sources. The generate_id method builds the session ID from an MD5 digest of the process ID, epoch time, and the built-in rand() function, all of which are predictable.

CVE-2026-13733
Medium

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_data_msg' shortcode attribute in all versions up to and including 3.3.60 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts that execute when a user visits an injected page.

CVE-2026-12732
Medium

The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' shortcode attribute in versions up to and including 4.4.0. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts that execute when users visit the affected page.

CVE-2026-12435
Medium

The Motors – Car Dealership & Classified Listings plugin for WordPress up to version 1.4.111 is vulnerable to authorization bypass. An authenticated attacker with subscriber-level access can mark or unmark any other user's car listing as sold by replaying a valid nonce from their own listing.

PreviousPage 13 of 485Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS