CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-57325
High

The vulnerability allows an unauthenticated attacker to inject malicious script (XSS) in NanoMag version 1.8 and earlier. The attack can be performed without authentication, increasing the risk for users.

CVE-2026-57324
Medium

The vulnerability in the GIFT4U plugin versions up to 1.0.10 allows unauthenticated attackers to bypass access controls. This can lead to unauthorized access to functions or data.

CVE-2026-57323
Medium

The Flash & HTML5 Video plugin version 2.11.0 and earlier contains an unauthenticated broken access control vulnerability. An attacker can gain unauthorized access to functions or data without required authentication.

CVE-2026-57322
High

Unauthenticated Cross Site Scripting (XSS) vulnerability in weMail versions up to 2.1.2.

CVE-2026-57321
High

The H5P plugin version 1.17.7 and earlier contains a vulnerability allowing a contributor to delete arbitrary files on the server. The flaw is due to insufficient permission validation during file deletion operations.

CVE-2026-57319
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in FOX versions 1.4.8 and earlier. It allows a remote attacker to inject malicious script without authentication.

CVE-2026-57318
Medium

The Site Reviews plugin version 8.0.11 and earlier allows sensitive subscriber data exposure. This vulnerability enables unauthorized users to access information that should be protected.

CVE-2026-57317
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Simply Schedule Appointments plugin versions up to and including 1.6.12.2.

CVE-2026-57316
Medium

The vulnerability in GetGenie plugin versions up to 4.4.2 allows exposure of sensitive subscriber data. An attacker can access information that should be protected.

CVE-2026-57315
High

The vulnerability allows remote code execution (RCE) in the Blocksy Companion Pro plugin up to version 2.1.45. An attacker can exploit this flaw to take control of the server.

CVE-2026-57314
High

SureCart plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57313
Medium

Cross Site Scripting (XSS) vulnerability in SureCart plugin versions up to 4.2.2, allowing a subscriber-level user to inject malicious script.

CVE-2026-57312
High

Unauthenticated Cross Site Scripting (XSS) vulnerability in Everest Forms versions up to 3.4.8.

CVE-2026-56773
High

In Teable v2, the REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables.

CVE-2026-56072
High

Unauthenticated Cross Site Scripting (XSS) vulnerability in WoodMart versions up to 8.5.3 allows an attacker to execute malicious scripts without authentication.

CVE-2026-56070
Critical

The Advance Product Search plugin version 1.4.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can send specially crafted queries to execute arbitrary SQL commands on the database.

CVE-2026-56069
High

An IDOR vulnerability in Toolset Forms versions up to 2.6.24 allows an unauthenticated attacker to access unauthorized data by manipulating object identifiers.

CVE-2026-56068
Critical

The JetEngine plugin for WordPress versions 3.8.10.2 and earlier contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. This vulnerability allows unauthorized database queries to be executed.

CVE-2026-56067
Critical

The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.

CVE-2026-56066
Medium

The ShortPixel Adaptive Images plugin versions up to 3.11.4 contain a vulnerability allowing an unauthenticated attacker to delete arbitrary files on the server. The flaw is due to missing proper authorization and input validation.

PreviousPage 292 of 4711Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS