CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
Capgo before version 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are only checked for limited_to_orgs, allowing tampering with account-level credentials.
Capgo before version 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations.
Plug has an efficiency issue in the nested-parameter decoder that allows an unauthenticated remote attacker to cause denial of service. The decoding algorithm's complexity is quadratic in relation to the number of nesting levels, which can lead to server unresponsiveness.
The ProfileGrid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to 5.9.9.2 due to insufficient input sanitization and output escaping.
The Totolink EX1200L router is vulnerable to a buffer overflow in the login functionality at the cgi-bin/cstecgi.cgi endpoint. Exploiting this vulnerability could lead to program crashes and remote code execution.
CVE-2026-10857 describes improper neutralization of input during web page generation, leading to Reflected XSS vulnerabilities in AKIN Software's e-Commerce.
CafePlus has a vulnerability related to missing authentication for a critical function, allowing access to functionality not properly constrained by access control lists (ACLs). This issue affects versions from 12.05.03 before 12.05.04.
Picklescan before 0.0.29 fails to detect malicious pickle files, allowing attackers to embed undetected code in these files. This code can execute arbitrary commands when loaded by victims.
Picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().
Picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
Picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address without confirming the change to the original email address or re-entering the current password.
The Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, allowing the publication of a malicious extension with an SVG icon. This leads to stored XSS attacks when a user navigates directly to the icon URL.
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, SSO tickets generated to authenticate the session could be predicted by an unauthenticated user, leading to account takeover.
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, it defaults to using a SHA-1 hash of predictable sources, allowing CSRF attacks.
A high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters.
The Frontend File Manager Plugin for WordPress up to version 23.6 does not properly enforce nonce checks on the file download handler, allowing unauthenticated attackers to download files uploaded by any user.
The Frontend File Manager Plugin for WordPress through version 23.6 does not sanitize or escape a filename submitted to the frontend file-rename endpoint, leading to a Stored Cross-Site Scripting vulnerability.
The Simple Basic Contact Form WordPress plugin through version 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability.
The Infility Global WordPress plugin before version 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability. This can be exploited by authenticated users with Subscriber-level access and above.

