CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-9851
High

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to and including 1.7.16. The issue arises from a missing capability check on the 'updateUser' branch of the package_app_action AJAX endpoint, allowing attackers to change the email address and password of any account.

CVE-2026-7537
High

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to and including 1.7.8.3. This is due to no file type, extension, or MIME type validation being performed on uploaded files.

CVE-2026-8901
High

The Integration for Freshsales plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via Form Submission Data in all versions up to and including 1.0.15 due to insufficient input sanitization and output escaping. Attackers can inject arbitrary web scripts that will execute whenever a user accesses an injected page.

CVE-2026-8438
High

The All-In-One Security (AIOS) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 5.4.7. The issue arises from insufficient input sanitization and missing output escaping in the column_default() method of the debug log list table.

CVE-2026-9290
High

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 2.9.17, allowing unauthenticated attackers to include and execute arbitrary .php files on the server.

CVE-2026-34123
High

On the Tapo C520WS v2, due to a logic flaw in the API authorization mechanism, an attacker can bypass restrictions on restricted accounts. This allows unauthorized operations that should be blocked to be executed.

CVE-2026-7654
High

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction, allowing attackers to inject a serialized PHP object.

CVE-2026-11431
High

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files to be read from the server filesystem.

CVE-2026-11424
High

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation or destination filtering.

CVE-2026-11416
High

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata. An attacker can exploit this vulnerability to write downloaded content outside the configured download directory.

CVE-2026-36785
High

A stack overflow vulnerability was discovered in the page parameter of the fromDhcpListClient function in the Tenda FH451 V1.0.0.9 device. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-11422
High

Markdown Preview Enhanced version 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline. This allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document.

CVE-2026-46493
High

HAX CMS to system zarządzania mikrositami z backendami PHP lub NodeJs. Wersje przed 26.0.1 używają funkcji `uniqid` do generowania soli, co jest niewłaściwe. Wersja 26.0.1 naprawia ten problem.

CVE-2026-46400
High

HAX CMS, used for managing microsites with PHP or NodeJs backends, has a vulnerability in the file upload functionality that in versions 11.0.6 to 25.0.0 only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attackers to upload malicious files, potentially leading to remote code execution.

CVE-2026-46398
High

HAX CMS, używany do zarządzania mikrositami z backendem PHP lub NodeJs, w wersjach od 25.0.0 do przed 26.0.0 ustawia ciasteczko haxcms_refresh_token bez flagi Secure. To umożliwia jego przesyłanie przez niezaszyfrowane HTTP, co czyni je podatnym na kradzież przez podsłuchiwanie pakietów w sieci.

CVE-2026-45300
High

The AsyncHttpClient (AHC) library in versions 2.x prior to 2.15.0 and 3.x prior to 3.0.10 leaks `Cookie` headers during redirects to different origins. The `propagatedHeaders()` method does not strip the `Cookie` header, leading to session cookies being sent to attacker-controlled servers.

CVE-2026-11419
High

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path, allowing arbitrary files to be written to any location on the server filesystem writable by the service account.

CVE-2026-11401
High

Problem z niezaufaną ścieżką wyszukiwania w GlobalDatabasePlugin w AWS Advanced Go Wrapper dla Amazon Aurora PostgreSQL pozwala zdalnemu, uwierzytelnionemu użytkownikowi o niskich uprawnieniach na eskalację uprawnień do poziomu innego użytkownika Amazon RDS, w tym rds_superuser, poprzez stworzona funkcję, która uruchamia się, gdy ten użytkownik łączy się z klastrem przez dotknięty wrapper.

CVE-2026-11400
High

Problem z niezaufaną ścieżką wyszukiwania w GlobalDatabasePlugin w AWS Advanced JDBC Wrapper dla Amazon Aurora PostgreSQL pozwala zdalnemu, uwierzytelnionemu użytkownikowi o niskich uprawnieniach na eskalację uprawnień do poziomu innego użytkownika Amazon RDS, w tym rds_superuser, poprzez stworzona przez siebie funkcję, która uruchamia się, gdy ten użytkownik łączy się z klastrem przez podatny wrapper.

CVE-2026-5415
High

Wtyczka WP Captcha PRO dla WordPressa jest podatna na obejście uwierzytelniania we wszystkich wersjach do 5.38 włącznie. Problem wynika z tego, że obsługa AJAX ajax_run_tool() polega wyłącznie na weryfikacji nonce, bez sprawdzania uprawnień, co umożliwia generowanie linków do logowania bez hasła dla dowolnych użytkowników.

PreviousPage 184 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS