CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
CVE-2026-53430 vulnerability concerns improper handling of highly compressed data in elixir-grpc, potentially leading to a denial of service attack via a gzip decompression bomb.
A vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming large or slow-trickle unary request bodies. The lack of size limits for accumulated data and infinite read timeouts enable uncontrolled memory growth.
Browserstack-cypress-cli versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. The loadJsFile() function in readCypressConfigUtil.js executes a shell command by interpolating the user-controlled cypress_config_filepath value.
A vulnerability in elixir-grpc allows authenticated attackers to access resources belonging to other users by manipulating values in requests. This enables them to bypass authorization mechanisms, leading to unauthorized access or modification of data.
Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service.
DbGate is a cross-platform database manager, in versions 7.1.8 and prior, has a vulnerability in the POST /runners/load-reader endpoint that accepts a functionName parameter interpolated without sanitization into a JavaScript code template. An authenticated user with basic access can inject arbitrary JavaScript code that executes on the server with full process privileges.
An unauthenticated Cross Site Scripting (XSS) vulnerability has been identified in SEO Redirection versions up to 9.17. An attacker can exploit this flaw to inject malicious scripts in the user's context.
There is a SQL Injection vulnerability in WCMultiShipping versions up to 3.0.2 that can be exploited by subscribers.
Versions of VikRentCar <= 1.4.5 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
There is a SQL Injection vulnerability in Taskbuilder versions <= 5.0.7 that can be exploited by subscribers.
Versions of ABC Crypto Checkout up to 1.8.2 have a vulnerability that allows unauthorized access to sensitive data.
The Signature Add-On for WooCommerce versions <= 2.0 has a vulnerability that allows unauthorized access to sensitive data.
Versions of Affiliates Manager up to 2.9.50 have a vulnerability that allows unauthorized access to sensitive data.
Dokan versions up to 5.0.2 contain a vulnerability that allows customer privilege escalation.
Shared Files versions up to 1.7.64 are vulnerable to an unauthenticated Path Traversal attack, allowing an attacker to access system files.
In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.
LatePoint versions up to 5.5.1 contain a vulnerability that allows privilege escalation for contributors.
Versions of Chatway Live Chat, AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service, and Chat Buttons up to 1.4.8 have a vulnerability that allows for the exposure of subscriber sensitive data.
There is an unauthenticated vulnerability type in WP Travel Engine versions up to 6.7.10 that could be exploited by attackers.
In Knit Pay versions <= 9.4.0.0, there is an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.

