CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-54844
High

The CheckView Automated Testing plugin version 2.1.0 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to testing features without authentication.

CVE-2026-54843
Critical

There is an unauthenticated SQL injection vulnerability in MDTF versions <= 1.3.7.

CVE-2026-54842
High

Missing Authorization in Royal Plugins Royal MCP allows exploiting incorrectly configured access control security levels. This issue affects Royal MCP from n/a through 1.4.25.

CVE-2026-54841
High

Versions of Vitepos up to 3.4.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-54838
High

Versions of WC Vendors Marketplace up to 2.6.8 are vulnerable to SQL Injection attacks by subscribers.

CVE-2026-54836
Critical

SQL Injection vulnerability in YMC Filter allows an attacker to inject malicious SQL code. The flaw affects versions up to and including 3.11.5.

CVE-2026-54830
High

The Five Star Restaurant Reservations plugin version 2.7.19 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to reservation functions without required authentication.

CVE-2026-54829
High

CVE-2026-54829 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the WP Photo Album Plus plugin.

CVE-2026-54828
High

Motors versions up to 1.4.109 have a vulnerability in access control that allows unauthorized access.

CVE-2026-54823
Critical

There is a remote code execution (RCE) vulnerability in Widget Options versions <= 4.2.3 that can be exploited by an attacker.

CVE-2026-54822
High

Subscriber SQL Injection vulnerability in SALESmanago and Leadoo versions up to 3.11.2 allows unauthorized access to the database through malicious SQL query injection.

CVE-2026-54821
High

The vulnerability in the Visual Link Preview plugin versions up to 2.3.1 allows sensitive subscriber data exposure. An attacker can access information that should be protected.

CVE-2026-52690
Medium

The vulnerability allows spoofing replies to a Recursor, which may mark an IP address of an authoritative server as not supporting EDNS. As a result, validation of DNSSEC records served by that server may fail.

CVE-2026-4526
Medium

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network.

CVE-2026-49506
High

Dell Wyse Management Suite versions prior to WMS 5.5 HF1 contain a Path Traversal vulnerability. A high privileged attacker with remote access could exploit this to achieve Remote Code Execution.

CVE-2026-47154
Medium

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries, resulting in process termination. These messages must come from a device that has already joined the network.

CVE-2026-47153
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47152
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47151
High

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. Only devices that have already joined the network and support the Door Lock cluster may be impacted.

CVE-2026-47150
High

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.

PreviousPage 237 of 4630Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS