CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-34031
Medium

The vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. This issue affects versions up to 2.0.0 and is due to insufficient validation of user-supplied image URLs.

CVE-2026-33582
Medium

A vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. A crafted TIFF image could trigger excessive memory allocation during image decoding, potentially causing the server process to crash.

CVE-2026-28262
Medium

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVE-2026-25699
Medium

CVE-2026-25699 in Apache Answer exposes private personal information to unauthorized actors. Versions up to 2.0.0 lack proper authorization checks in timeline-related APIs, allowing authenticated users to access deleted, private, or unapproved content and its revision history.

CVE-2026-25688
Medium

CVE-2026-25688 describes an improper neutralization of alternate XSS syntax vulnerability in Apache Answer, allowing malicious scripts to be executed in the browser. The issue affects Apache Answer versions up to 2.0.0.

CVE-2026-41985
Medium

UAF vulnerability in the package management module. Successful exploitation of this vulnerability may affect service integrity.

CVE-2026-41984
Medium

UAF vulnerability in the package management module. Successful exploitation of this vulnerability may affect service integrity.

CVE-2026-41983
Medium

DoS vulnerability in the browser kernel. Successful exploitation of this vulnerability may affect availability.

CVE-2026-41982
Medium

Race condition vulnerability in the IPC module. Exploitation may affect system availability.

CVE-2026-41981
Medium

Out-of-bounds write vulnerability in the IPC module. Successful exploitation of this vulnerability may affect availability.

CVE-2026-41977
Medium

DoS vulnerability in the log service that may affect system availability.

CVE-2026-41976
Medium

CVE-2026-41976 is a permission control vulnerability in the audio framework. Exploitation may impact service confidentiality.

CVE-2026-41973
Medium

A permission control vulnerability in calls. Its exploitation may affect system availability.

CVE-2026-41972
Medium

There is a path traversal vulnerability in the SMS app. Successful exploitation of this vulnerability may affect the application's availability.

CVE-2025-62858
Medium

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to modify memory or crash processes.

CVE-2026-4986
Medium

The WPForms plugin for WordPress before version 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them. This allows unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions.

CVE-2026-41539
Medium

A cross-site scripting (XSS) vulnerability has been reported in several QNAP operating system versions. Remote attackers can exploit this flaw to bypass security mechanisms or read application data.

CVE-2026-8977
Medium

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to and including 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization and missing output escaping in the generateCSS() function.

CVE-2026-8940
Medium

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php.

CVE-2026-8910
Medium

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing or incorrect nonce validation on a function.

PreviousPage 155 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS