CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-48966
High

Versions of Funnel Builder by FunnelKit up to 3.15.0.2 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48964
High

There is a SQL Injection vulnerability in ELEX WordPress HelpDesk and Customer Ticketing System versions up to 3.3.6. An attacker can exploit this flaw to execute unauthorized queries against the database.

CVE-2026-48889
High

Amelia versions up to 2.3 contain a vulnerability that allows subscriber privilege escalation.

CVE-2026-48885
High

Versions of HollerBox up to 2.3.10.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48883
High

There is an unauthenticated broken access control vulnerability in WPC Product Bundles for WooCommerce versions <= 8.5.3.

CVE-2026-48882
High

The WP Time Slots Booking Form plugin versions up to 1.2.50 contains a SQL Injection vulnerability, allowing attackers to manipulate SQL queries.

CVE-2026-48876
High

Versions of Stop Spammers up to 2026.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48874
High

GamiPress versions up to 7.8.7 contain a SQL Injection vulnerability that can be exploited by subscribers.

CVE-2026-48873
High

Montonio for WooCommerce versions up to 10.1.2 have a vulnerability in access control that allows unauthorized access to resources.

CVE-2026-48872
High

Versions of EmbedPress up to 4.5.2 are vulnerable to unauthorized access to sensitive data.

CVE-2026-48871
High

Versions of MW WP Form <= 5.1.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48868
High

Versions of Simple Shopping Cart <= 5.2.9 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-48867
High

Versions of Quiz And Survey Master <= 11.1.2 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts, potentially leading to user data theft.

CVE-2026-48838
High

Versions of Post SMTP <= 3.6.2 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.

CVE-2026-48835
High

In WPForms versions <= 1.10.0.4, there is an issue with unauthenticated access to the contact form, leading to broken access control.

CVE-2026-48708
High

OliveTin in versions 3000.0.0 and prior allows access to predefined shell commands from a web interface. The use of a shared template engine instance without synchronization leads to race conditions, resulting in cross-user command contamination and execution errors.

CVE-2026-48124
High

Cursor is a code editor designed for programming with AI. In versions prior to 3.0.0, Cursor Desktop could execute workspace-defined hook commands from .claude/settings.local.json without dedicated user approval.

CVE-2026-47825
High

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.

CVE-2026-47261
High

Wasmtime, a runtime for WebAssembly, has a vulnerability in versions prior to 24.0.9, 36.0.10, and 44.0.2 that allows bypassing the access control mechanism using the wasip2 descriptor.open-at or wasip1 path_open interfaces. The issue arises from a missing assignment in the open mode handling, allowing files to be opened with the OpenFlags::TRUNCATE flag without the necessary write permissions.

CVE-2026-45441
High

WpEvently versions up to 5.3.3 contain an unauthenticated vulnerability that could be exploited by attackers.

PreviousPage 134 of 3361Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS