CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, a privilege escalation vulnerability existed by attaching authentication details to accounts.
In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, account takeover via predictable restore codes was possible.
In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, authentication bypass via direct database access leading to administrative access was possible.
CVE-2026-44939 describes a command injection vulnerability in the Rancher Manager import endpoint before version 2.14.2, potentially allowing the execution of malicious containers.
The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to and including 3.15.3. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution.
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to and including 3.8.0 via the `doc_style` parameter. This allows unauthenticated attackers to include and execute arbitrary .php files on the server.
FileRise versions before 3.16.0 are vulnerable to path traversal in the shared-folder upload endpoint, leading to arbitrary file write and administrator account takeover. An attacker can exploit a valid upload-enabled shared-folder link/token to overwrite files and gain administrator access.
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
A stored cross-site scripting vulnerability exists in pgAdmin 4 versions 6.0 through 9.15. Text returned by a PostgreSQL server (e.g., object names in errors or EXPLAIN fields) was passed verbatim to html-react-parser, allowing injection of arbitrary HTML, including iframes. An attacker controlling the server or creating a maliciously named object can hijack the victim's pgAdmin session.
In pgAdmin 4 versions 6.9 through 9.15, two SQL Editor endpoints lack authentication decorators, allowing unauthenticated attackers to trigger pickle deserialization from server sessions. Exploitation requires additional preconditions (knowledge of SECRET_KEY and write access to sessions directory) to achieve remote code execution.
A vulnerability in the pgAdmin 4 AI Assistant allows an attacker who can influence database content read by the assistant to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The flaw stems from missing validation of LLM-generated queries, enabling bypass of read-only mode via injection of commands like COMMIT or ROLLBACK.
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
The Relyra library, a SAML 2.0 Service Provider for Elixir and Phoenix, in versions 1.0.0 and 1.1.0 accepted forged SAML signatures due to the lack of cryptographic verification of SignatureValue before returning a successful authentication result. This issue has been fixed in version 1.2.0.
mcp-pinot is a Python-based Model Context Protocol (MCP) server that, in versions 3.0.1 and below, defaults to running an HTTP MCP server without authentication. All MCP tools are accessible to any network-adjacent caller, leading to significant security vulnerabilities.
Deepstream is a server that allows clients and backend services to sync data, send messages, and make RPCs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution, which can lead to privilege escalation by any authenticated user with write permission.
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios.
JTL Shop versions 5.2.0 through 5.7.1 contain a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine.
The EPDS and EDS systems do not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
In InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions), a command injection vulnerability was discovered in the file upload function. This vulnerability allows remote attackers to execute arbitrary commands as root via crafted input.

