CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
The vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. This issue affects versions up to 2.0.0 and is due to insufficient validation of user-supplied image URLs.
A vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. A crafted TIFF image could trigger excessive memory allocation during image decoding, potentially causing the server process to crash.
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
CVE-2026-25699 in Apache Answer exposes private personal information to unauthorized actors. Versions up to 2.0.0 lack proper authorization checks in timeline-related APIs, allowing authenticated users to access deleted, private, or unapproved content and its revision history.
CVE-2026-25688 describes an improper neutralization of alternate XSS syntax vulnerability in Apache Answer, allowing malicious scripts to be executed in the browser. The issue affects Apache Answer versions up to 2.0.0.
UAF vulnerability in the package management module. Successful exploitation of this vulnerability may affect service integrity.
UAF vulnerability in the package management module. Successful exploitation of this vulnerability may affect service integrity.
DoS vulnerability in the browser kernel. Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the IPC module. Exploitation may affect system availability.
Out-of-bounds write vulnerability in the IPC module. Successful exploitation of this vulnerability may affect availability.
DoS vulnerability in the log service that may affect system availability.
CVE-2026-41976 is a permission control vulnerability in the audio framework. Exploitation may impact service confidentiality.
A permission control vulnerability in calls. Its exploitation may affect system availability.
There is a path traversal vulnerability in the SMS app. Successful exploitation of this vulnerability may affect the application's availability.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to modify memory or crash processes.
The WPForms plugin for WordPress before version 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them. This allows unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions.
A cross-site scripting (XSS) vulnerability has been reported in several QNAP operating system versions. Remote attackers can exploit this flaw to bypass security mechanisms or read application data.
The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to and including 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization and missing output escaping in the generateCSS() function.
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php.
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing or incorrect nonce validation on a function.

