CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-54829
High

CVE-2026-54829 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the WP Photo Album Plus plugin.

CVE-2026-54828
High

Motors versions up to 1.4.109 have a vulnerability in access control that allows unauthorized access.

CVE-2026-54823
Critical

There is a remote code execution (RCE) vulnerability in Widget Options versions <= 4.2.3 that can be exploited by an attacker.

CVE-2026-54822
High

Subscriber SQL Injection vulnerability in SALESmanago and Leadoo versions up to 3.11.2 allows unauthorized access to the database through malicious SQL query injection.

CVE-2026-54821
High

The vulnerability in the Visual Link Preview plugin versions up to 2.3.1 allows sensitive subscriber data exposure. An attacker can access information that should be protected.

CVE-2026-52690
Medium

The vulnerability allows spoofing replies to a Recursor, which may mark an IP address of an authoritative server as not supporting EDNS. As a result, validation of DNSSEC records served by that server may fail.

CVE-2026-4526
Medium

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network.

CVE-2026-49506
High

Dell Wyse Management Suite versions prior to WMS 5.5 HF1 contain a Path Traversal vulnerability. A high privileged attacker with remote access could exploit this to achieve Remote Code Execution.

CVE-2026-47154
Medium

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries, resulting in process termination. These messages must come from a device that has already joined the network.

CVE-2026-47153
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47152
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47151
High

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. Only devices that have already joined the network and support the Door Lock cluster may be impacted.

CVE-2026-47150
High

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.

CVE-2026-47149
Medium

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These issues occur only in devices that have already joined the network.

CVE-2026-47148
Medium

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload, leading to process termination. These messages must come from a device that has already joined the network.

CVE-2026-47147
High

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester.

CVE-2026-47146
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-47145
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-46734
High

Dell Display and Peripheral Manager (DDPM Mac) versions prior to 2.3 contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVE-2026-46733
High

Dell Display and Peripheral Manager (DDPM) for Windows versions prior to 2.3 contain an Improper Access Control vulnerability. A low-privileged attacker with local access could exploit this to achieve code execution.

PreviousPage 184 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS