CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-53430
High

CVE-2026-53430 vulnerability concerns improper handling of highly compressed data in elixir-grpc, potentially leading to a denial of service attack via a gzip decompression bomb.

CVE-2026-48854
High

A vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming large or slow-trickle unary request bodies. The lack of size limits for accumulated data and infinite read timeouts enable uncontrolled memory growth.

CVE-2026-48723
High

Browserstack-cypress-cli versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. The loadJsFile() function in readCypressConfigUtil.js executes a shell command by interpolating the user-controlled cypress_config_filepath value.

CVE-2026-48599
High

A vulnerability in elixir-grpc allows authenticated attackers to access resources belonging to other users by manipulating values in requests. This enables them to bypass authorization mechanisms, leading to unauthorized access or modification of data.

CVE-2026-5064
High

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service.

CVE-2026-48017
High

DbGate is a cross-platform database manager, in versions 7.1.8 and prior, has a vulnerability in the POST /runners/load-reader endpoint that accepts a functionName parameter interpolated without sanitization into a JavaScript code template. An authenticated user with basic access can inject arbitrary JavaScript code that executes on the server with full process privileges.

CVE-2026-52702
High

An unauthenticated Cross Site Scripting (XSS) vulnerability has been identified in SEO Redirection versions up to 9.17. An attacker can exploit this flaw to inject malicious scripts in the user's context.

CVE-2026-52700
High

There is a SQL Injection vulnerability in WCMultiShipping versions up to 3.0.2 that can be exploited by subscribers.

CVE-2026-52699
High

Versions of VikRentCar <= 1.4.5 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-52697
High

There is a SQL Injection vulnerability in Taskbuilder versions <= 5.0.7 that can be exploited by subscribers.

CVE-2026-52695
High

Versions of ABC Crypto Checkout up to 1.8.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-52694
High

The Signature Add-On for WooCommerce versions <= 2.0 has a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-52692
High

Versions of Affiliates Manager up to 2.9.50 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-49780
High

Dokan versions up to 5.0.2 contain a vulnerability that allows customer privilege escalation.

CVE-2026-49112
High

Shared Files versions up to 1.7.64 are vulnerable to an unauthenticated Path Traversal attack, allowing an attacker to access system files.

CVE-2026-49110
High

In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.

CVE-2026-49083
High

LatePoint versions up to 5.5.1 contain a vulnerability that allows privilege escalation for contributors.

CVE-2026-49082
High

Versions of Chatway Live Chat, AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service, and Chat Buttons up to 1.4.8 have a vulnerability that allows for the exposure of subscriber sensitive data.

CVE-2026-49078
High

There is an unauthenticated vulnerability type in WP Travel Engine versions up to 6.7.10 that could be exploited by attackers.

CVE-2026-49070
High

In Knit Pay versions <= 9.4.0.0, there is an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.

PreviousPage 131 of 3360Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS