CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
Podatność w wtyczce Tassos Framework umożliwia użytkownikom usuwanie dowolnych plików na dotkniętych stronach.
In the Linux kernel, a vulnerability in the SLIP protocol implementation was found where decode() and pull16() functions do not bounds-check the compressed packet length. A short VJ frame can cause an out-of-bounds read, and the excess data is incorporated into the compression state and reflected in subsequent packets.
In the Linux kernel, a vulnerability was found in the CO-RE (Compile Once - Run Everywhere) BPF mechanism. The bpf_core_parse_spec() function accepts negative indices in CO-RE accessor strings, leading to an out-of-bounds memory read and deterministic system crash. The issue is reachable with CAP_BPF privileges.
W jądrze Linux wykryto podatność use-after-free w mechanizmie BPF arena podczas wywoływania funkcji fork. Problem wynika z nieprawidłowego dziedziczenia VMA (Virtual Memory Area) przez proces potomny, co prowadzi do użycia wygasłego wskaźnika i potencjalnej eskalacji uprawnień.
CVE-2026-42762 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.
An authentication bypass vulnerability in the Backup and Staging by WP Time Capsule plugin allows for password recovery exploitation. This issue affects versions from n/a through 1.22.25.
CVE-2026-42759 involves improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in Timo Affiliate Super Assistent. This issue affects versions from n/a through 1.10.1 inclusive.
CVE-2026-42754 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Favicon component from n/a through version 1.3.46.
CVE-2026-42753 describes a missing authorization vulnerability in the WC Lovers WCFM Membership plugin, allowing exploitation of incorrectly configured access control security levels. This issue affects WCFM Membership from n/a through version 2.11.10.
CVE-2026-42749 describes an authentication bypass vulnerability in the Themeisle Disable Comments for Any Post Types (Remove comments) plugin, allowing password recovery exploitation. This issue affects versions from n/a through 1.3.0.
The vulnerability in ZAYTECH Smart Online Order for Clover allows the leakage of sensitive data by embedding it in sent data. This issue affects versions from n/a through 1.6.0 inclusive.
CVE-2026-42745 describes an authentication bypass vulnerability in ZAYTECH Smart Online Order for Clover. This issue affects versions from n/a through 1.6.0 inclusive.
CVE-2026-42739 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Advanced IP Blocker application. This issue affects versions from n/a through 8.10.7.
CVE-2026-42738 describes an improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in the ZAYTECH Smart Online Order for Clover application. This issue affects versions from n/a through 1.6.0.
CVE-2026-42737 describes an improper limitation of a pathname to a restricted directory, leading to a Path Traversal vulnerability in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.
CVE-2026-42736 describes an authorization bypass vulnerability through a user-controlled key in the BP Better Messages plugin. This issue affects versions from n/a through 2.14.16 inclusive.
An authentication bypass vulnerability in the KiviCare clinic management system allows for password recovery exploitation. This issue affects KiviCare from n/a through version 4.3.0.
CVE-2026-42734 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in Geo Mashup. The issue affects versions from n/a through 1.13.19.
CVE-2026-42733 describes an improper neutralization of input during web page generation in the WPCS currency-switcher plugin, leading to DOM-Based XSS attacks. This issue affects WPCS from n/a through version 1.3.1.
The MasterStudy LMS has a Blind SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This issue affects versions from n/a through 3.7.29.

