CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
WP Vault version 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
TYPO3 has an issue with deserializing PHP payloads in the cache frontend and persistent key-value store, which may lead to PHP Object Injection. An attacker with access to the storage backend could exploit this vulnerability for remote code execution.
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages.
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, allowing them to gather information about records and files they were not authorized to view.
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3.
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. As a result, these titles were displayed in frontend search results without proper output encoding, leading to a Cross-Site Scripting vulnerability.
Applications using GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks.
A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using 'awx --conf.format yaml import'.
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function. This allows authenticated attackers with Subscriber-level access and above to cancel any user's subscription pack, including administrators.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) that improperly sanitizes path input in the `GET /api/sftp/uploadFiles` endpoint. This allows path traversal through crafted input, enabling access to unintended file system locations.
A vulnerability has been identified in SIPROTEC 5 devices that allows authenticated users to upload arbitrary files using the DIGSI 5 protocol. This could lead to the upload of malicious configuration files, potentially resulting in denial of service and code execution.
The Prime Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via Widget HTML Tag Settings in all versions up to and including 1.3.3 due to insufficient input sanitization and output escaping.
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to and including 2.0.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. Design flaws allow authenticated attackers with Subscriber-level access and above to read server file contents by having them copied to a publicly accessible URL.
In the S2OPC library's CycloneCrypto cryptographic wrapper, certificate revocation checks only consider the first matching CRL, ignoring other valid CRLs from the same CA. This may allow a connection between an OPC UA client and server using a revoked certificate.
The Apache Airflow Samba provider's `GCSToSambaOperator` had a flaw that joined GCS object names to the SMB destination path without a containment check. An attacker could exploit `../` segments to write files to arbitrary locations on the Samba target.
In the Linux kernel, a vulnerability was found in the io_uring subsystem for IORING_OP_WAITID. The result structure (io_waitid::info) was not initialized before copying to userspace, potentially leaking uninitialized kernel memory.
A vulnerability in Apache Answer allows unauthorized users to access sensitive information, such as unlisted questions, answers, comments, and revision history. The issue affects versions up to 2.0.0.
CVE-2026-34033 is a vulnerability related to improper neutralization of script-related HTML tags in Apache Answer up to version 2.0.0. It allows authenticated users to inject arbitrary HTML into emails sent to other users.

