CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-48906
High

Podatność w wtyczce Tassos Framework umożliwia użytkownikom usuwanie dowolnych plików na dotkniętych stronach.

CVE-2026-45843
High

In the Linux kernel, a vulnerability in the SLIP protocol implementation was found where decode() and pull16() functions do not bounds-check the compressed packet length. A short VJ frame can cause an out-of-bounds read, and the excess data is incorporated into the compression state and reflected in subsequent packets.

CVE-2026-45839
High

In the Linux kernel, a vulnerability was found in the CO-RE (Compile Once - Run Everywhere) BPF mechanism. The bpf_core_parse_spec() function accepts negative indices in CO-RE accessor strings, leading to an out-of-bounds memory read and deterministic system crash. The issue is reachable with CAP_BPF privileges.

CVE-2026-45837
High

W jądrze Linux wykryto podatność use-after-free w mechanizmie BPF arena podczas wywoływania funkcji fork. Problem wynika z nieprawidłowego dziedziczenia VMA (Virtual Memory Area) przez proces potomny, co prowadzi do użycia wygasłego wskaźnika i potencjalnej eskalacji uprawnień.

CVE-2026-42762
High

CVE-2026-42762 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.

CVE-2026-42760
High

An authentication bypass vulnerability in the Backup and Staging by WP Time Capsule plugin allows for password recovery exploitation. This issue affects versions from n/a through 1.22.25.

CVE-2026-42759
High

CVE-2026-42759 involves improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in Timo Affiliate Super Assistent. This issue affects versions from n/a through 1.10.1 inclusive.

CVE-2026-42754
High

CVE-2026-42754 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Favicon component from n/a through version 1.3.46.

CVE-2026-42753
High

CVE-2026-42753 describes a missing authorization vulnerability in the WC Lovers WCFM Membership plugin, allowing exploitation of incorrectly configured access control security levels. This issue affects WCFM Membership from n/a through version 2.11.10.

CVE-2026-42749
High

CVE-2026-42749 describes an authentication bypass vulnerability in the Themeisle Disable Comments for Any Post Types (Remove comments) plugin, allowing password recovery exploitation. This issue affects versions from n/a through 1.3.0.

CVE-2026-42746
High

The vulnerability in ZAYTECH Smart Online Order for Clover allows the leakage of sensitive data by embedding it in sent data. This issue affects versions from n/a through 1.6.0 inclusive.

CVE-2026-42745
High

CVE-2026-42745 describes an authentication bypass vulnerability in ZAYTECH Smart Online Order for Clover. This issue affects versions from n/a through 1.6.0 inclusive.

CVE-2026-42739
High

CVE-2026-42739 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Advanced IP Blocker application. This issue affects versions from n/a through 8.10.7.

CVE-2026-42738
High

CVE-2026-42738 describes an improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in the ZAYTECH Smart Online Order for Clover application. This issue affects versions from n/a through 1.6.0.

CVE-2026-42737
High

CVE-2026-42737 describes an improper limitation of a pathname to a restricted directory, leading to a Path Traversal vulnerability in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.

CVE-2026-42736
High

CVE-2026-42736 describes an authorization bypass vulnerability through a user-controlled key in the BP Better Messages plugin. This issue affects versions from n/a through 2.14.16 inclusive.

CVE-2026-42735
High

An authentication bypass vulnerability in the KiviCare clinic management system allows for password recovery exploitation. This issue affects KiviCare from n/a through version 4.3.0.

CVE-2026-42734
High

CVE-2026-42734 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in Geo Mashup. The issue affects versions from n/a through 1.13.19.

CVE-2026-42733
High

CVE-2026-42733 describes an improper neutralization of input during web page generation in the WPCS currency-switcher plugin, leading to DOM-Based XSS attacks. This issue affects WPCS from n/a through version 1.3.1.

CVE-2026-42730
High

The MasterStudy LMS has a Blind SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This issue affects versions from n/a through 3.7.29.

PreviousPage 248 of 3350Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS