CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
A path traversal vulnerability was found in KubeVirt's virt-exportserver component. An attacker with namespace-level access can place a symbolic link in an exported PVC pointing outside its mount root, allowing arbitrary file reads from the exporter pod's filesystem.
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input.
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to and including 2.20.1 due to a flawed filename validation. Authenticated attackers with author-level access can upload executable files, enabling remote code execution.
The Eupago Gateway plugin for WooCommerce before version 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials.
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all versions up to and including 1.6.11.8. The issue arises from insufficient escaping of the user-supplied parameter and lack of proper preparation of the existing SQL query.
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'User-Agent' header in all versions up to and including 5.4.11 due to insufficient input sanitization and output escaping. This allows attackers to inject arbitrary web scripts that will execute whenever a user accesses an injected page.
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the 'file_upload' parameter in all versions up to and including 2.8.2 due to insufficient input sanitization and output escaping.
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the process_bulk_action() function.
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it.
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.7.2 via the filter_content function. The issue arises from the lack of sanitization of the 'callback_raw' attribute, allowing authenticated attackers to execute dangerous PHP functions.
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can assign any realm role, including highly privileged ones, to a client's scope mapping. This bypasses security controls and injects the role into a user's authentication token.
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 3.29.2. This is due to improper verification of user permissions, allowing authenticated attackers to modify administrator data.
Podatność umożliwia uwierzytelnionemu użytkownikowi z rolą Administratora Kopii Zapasowej zapisanie dowolnych plików na serwerze Veeam Backup & Replication działającym na systemie Linux.
Ta podatność w Veeam Agent dla systemu Microsoft Windows umożliwia lokalne podniesienie uprawnień.
Metoda autoTranslate.translateMessage w Rocket.Chat w wersjach <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8 i <7.10.12 akceptuje obiekt IMessage dostarczony przez klienta i przekazuje go bezpośrednio do translateMessage() bez sprawdzania Meteor.userId() ani weryfikacji członkostwa w pokoju. Każdy uwierzytelniony użytkownik DDP może odczytać treść dowolnej wiadomości po ID z dowolnego pokoju.
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to 1.8.0. The issue arises from the `authenticate()` function storing unsanitized data in the `login_nocaptcha_error` option during login attempts from a non-standard login page.
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL).
Podatność typu out-of-bounds write w Samsung Open Source Escargot umożliwia przepełnienie buforów. Problem dotyczy wersji Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
Framework Microsoft UFO w wersji 3.0.1-4-ge2626659 ma problem z zaufaniem do pól tożsamości i roli dostarczanych przez klienta w wiadomościach zadań. Klient może zarejestrować się jako normalne urządzenie, a następnie wysłać wiadomość TASK, podszywając się pod wyższą rolę 'constellation', co prowadzi do przejęcia zadań przez atakującego.
Framework open-source Microsoft UFO do inteligentnej automatyzacji na różnych urządzeniach i platformach w wersji 3.0.1-4-ge2626659 wykorzystuje wartość task_name kontrolowaną przez użytkownika bezpośrednio przy tworzeniu ścieżek logów sesji. Uwierzytelniony klient może dostarczyć sekwencje przejścia ścieżki w task_name, co pozwala na tworzenie katalogów logów i plików logów poza zamierzonym katalogiem logs/.

