CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
IBM Db2 w wersjach od 11.5.0 do 11.5.9 oraz od 12.1.0 do 12.1.4 jest podatny na atak typu denial of service przy użyciu specjalnie skonstruowanego zapytania, gdy włączone są transakcje autonomiczne.
A vulnerability in the Linux kernel related to stack-out-of-bounds access in the is_bprm_creds_for_exec() function has been fixed. This issue was caused by incorrect offset calculation using the *file pointer.
IBM QRadar w wersji 7.5.0 do 7.5.0 UP15 Interim Fix 002 może umożliwić uprzywilejowanemu użytkownikowi przesłanie złośliwego archiwum kopii zapasowej, które może zostać przywrócone i wykorzystane do uzyskania dostępu do systemu operacyjnego.
Podatność w wtyczce Tassos Framework umożliwia użytkownikom usuwanie dowolnych plików na dotkniętych stronach.
In the Linux kernel, a vulnerability in the SLIP protocol implementation was found where decode() and pull16() functions do not bounds-check the compressed packet length. A short VJ frame can cause an out-of-bounds read, and the excess data is incorporated into the compression state and reflected in subsequent packets.
In the Linux kernel, a vulnerability was found in the CO-RE (Compile Once - Run Everywhere) BPF mechanism. The bpf_core_parse_spec() function accepts negative indices in CO-RE accessor strings, leading to an out-of-bounds memory read and deterministic system crash. The issue is reachable with CAP_BPF privileges.
W jądrze Linux wykryto podatność use-after-free w mechanizmie BPF arena podczas wywoływania funkcji fork. Problem wynika z nieprawidłowego dziedziczenia VMA (Virtual Memory Area) przez proces potomny, co prowadzi do użycia wygasłego wskaźnika i potencjalnej eskalacji uprawnień.
CVE-2026-42762 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.
An authentication bypass vulnerability in the Backup and Staging by WP Time Capsule plugin allows for password recovery exploitation. This issue affects versions from n/a through 1.22.25.
CVE-2026-42759 involves improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in Timo Affiliate Super Assistent. This issue affects versions from n/a through 1.10.1 inclusive.
CVE-2026-42754 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Favicon component from n/a through version 1.3.46.
CVE-2026-42753 describes a missing authorization vulnerability in the WC Lovers WCFM Membership plugin, allowing exploitation of incorrectly configured access control security levels. This issue affects WCFM Membership from n/a through version 2.11.10.
CVE-2026-42749 describes an authentication bypass vulnerability in the Themeisle Disable Comments for Any Post Types (Remove comments) plugin, allowing password recovery exploitation. This issue affects versions from n/a through 1.3.0.
The vulnerability in ZAYTECH Smart Online Order for Clover allows the leakage of sensitive data by embedding it in sent data. This issue affects versions from n/a through 1.6.0 inclusive.
CVE-2026-42745 describes an authentication bypass vulnerability in ZAYTECH Smart Online Order for Clover. This issue affects versions from n/a through 1.6.0 inclusive.
CVE-2026-42739 describes an improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS) vulnerabilities in the Advanced IP Blocker application. This issue affects versions from n/a through 8.10.7.
CVE-2026-42738 describes an improper neutralization of input during web page generation, leading to Stored XSS vulnerabilities in the ZAYTECH Smart Online Order for Clover application. This issue affects versions from n/a through 1.6.0.
CVE-2026-42737 describes an improper limitation of a pathname to a restricted directory, leading to a Path Traversal vulnerability in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.
CVE-2026-42736 describes an authorization bypass vulnerability through a user-controlled key in the BP Better Messages plugin. This issue affects versions from n/a through 2.14.16 inclusive.
An authentication bypass vulnerability in the KiviCare clinic management system allows for password recovery exploitation. This issue affects KiviCare from n/a through version 4.3.0.

