CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-52755
High

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.

CVE-2026-52754
High

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature.

CVE-2026-52752
High

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences, allowing arbitrary file writes outside the intended directory.

CVE-2026-52751
High

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.

CVE-2026-52750
High

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.

CVE-2026-49498
High

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages.

CVE-2026-49069
High

CVE-2026-49069 describes an improper neutralization of input during web page generation in WPZOOM Portfolio, leading to a Reflected XSS vulnerability.

CVE-2025-71330
High

Version 2.0.2 of the image-size library contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field, triggering an infinite loop in the ICNS parser.

CVE-2025-71329
High

Version 2.0.2 of the image-size library contains a denial of service vulnerability that allows remote attackers to block the Node.js event loop. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by supplying a specially crafted image with a zero-valued size field.

CVE-2026-24067
High

Slate Digital Connect version 1.37.0 for macOS installs a privileged helper tool that exposes the XPC service to race conditions related to process identifiers. A local attacker can exploit PID reuse, leading to unauthorized access to privileged helper functionality.

CVE-2026-24066
High

Slate Digital Connect version 1.37.0 for macOS installs a privileged helper tool that exposes the XPC service. The helper only validates connecting XPC clients based on the subject.OU value of the client's signing certificate, allowing a local attacker to gain access to privileged functionality.

CVE-2026-3018
High

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpmlsubscriber_id' parameter in all versions up to and including 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

CVE-2026-10721
High

Concrete CMS versions below 9.5.2 are vulnerable to PHP Object Injection via unserialize() calls in the Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database.

CVE-2026-8071
High

The Anti-Spam by CleanTalk plugin before version 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user, including administrators, views the post.

CVE-2026-3326
High

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVE-2026-29116
High

A vulnerability has been found in some Dahua products that could allow an unauthenticated remote attacker to send a specially crafted packet. This could trigger an exception causing the system to reboot unexpectedly, resulting in a denial of service.

CVE-2026-10846
High

Versions of ldns from 1.2.0 to 1.9.0 have a vulnerability that allows off-path poisoning attacks. The issue is due to the lack of verification of the query destination address and port in the response, posing a risk to applications using ldns as a resolver.

CVE-2026-11837
High

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.

CVE-2026-26239
High

A buffer overflow vulnerability has been reported in File Station 5. A remote attacker with a user account can exploit this vulnerability to modify memory or crash processes.

CVE-2026-26237
High

A missing authorization vulnerability has been reported to affect QuMagie, allowing remote attackers to access unauthorized data or perform unauthorized actions.

PreviousPage 143 of 3344Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS