CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-52699
High

Versions of VikRentCar <= 1.4.5 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-52697
High

There is a SQL Injection vulnerability in Taskbuilder versions <= 5.0.7 that can be exploited by subscribers.

CVE-2026-52695
High

Versions of ABC Crypto Checkout up to 1.8.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-52694
High

The Signature Add-On for WooCommerce versions <= 2.0 has a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-52692
High

Versions of Affiliates Manager up to 2.9.50 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-49780
High

Dokan versions up to 5.0.2 contain a vulnerability that allows customer privilege escalation.

CVE-2026-49112
High

Shared Files versions up to 1.7.64 are vulnerable to an unauthenticated Path Traversal attack, allowing an attacker to access system files.

CVE-2026-49110
High

In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.

CVE-2026-49083
High

LatePoint versions up to 5.5.1 contain a vulnerability that allows privilege escalation for contributors.

CVE-2026-49082
High

Versions of Chatway Live Chat, AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service, and Chat Buttons up to 1.4.8 have a vulnerability that allows for the exposure of subscriber sensitive data.

CVE-2026-49078
High

There is an unauthenticated vulnerability type in WP Travel Engine versions up to 6.7.10 that could be exploited by attackers.

CVE-2026-49070
High

In Knit Pay versions <= 9.4.0.0, there is an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.

CVE-2026-49068
High

Coupon Affiliates versions up to 7.8.1 have a vulnerability that allows the exposure of subscriber sensitive data.

CVE-2026-49066
High

The Conekta Payment Gateway versions up to 6.0.0 have a vulnerability that allows unauthenticated access to sensitive data.

CVE-2026-49065
High

The Hippoo mobile app for WooCommerce versions up to 1.9.5 has an issue with unauthenticated access that may lead to broken access control.

CVE-2026-49063
High

Listdom versions up to 5.5.0 contain a vulnerability that allows unauthenticated privilege escalation.

CVE-2026-49061
High

In WPC Product Options for WooCommerce versions <= 3.2.1, there is a vulnerability allowing unauthenticated arbitrary file download.

CVE-2026-49056
High

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions up to 4.9.4 has a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-49055
High

Versions of Drag and Drop Multiple File Upload – Contact Form 7 up to 1.3.9.7 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48970
High

Versions of Really Simple SSL up to 9.5.10 have a vulnerability in authentication that allows for unauthorized access.

PreviousPage 133 of 3361Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS