CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-13499
Medium

A stored XSS vulnerability was found in the yashpokharna2555 restaurant management system in login_register.php. Manipulating the Username parameter in the Registration Handler allows remote script execution. The exploit is public and the vendor has not responded.

CVE-2026-13497
Medium

A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the file /appointment.php. An unknown function mishandles the editid argument, allowing remote SQL injection. The exploit has been publicly disclosed and may be used.

CVE-2026-13496
Medium

A SQL injection vulnerability was found in Hospital Management System 1.0 in the file /ajaxmedicine.php. An attacker can remotely manipulate the medicineid argument, leading to SQL injection. The exploit has been made public, increasing the attack risk.

CVE-2026-13495
Medium

A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the file /adminprofile.php. An attacker can remotely manipulate the loginid argument, leading to SQL injection.

CVE-2026-13484
Medium

In MLflow up to version 4666cffc7912ea606d592fc38d6a75e2935f65e7, a missing authorization vulnerability was found in the Experiment-scoped Label Schema CRUD API. This flaw allows remote manipulation of data without proper authentication, though exploitation is difficult due to high attack complexity.

CVE-2026-58058
Medium

A vulnerability in Nmap through version 7.99 causes the ipv6_get_data_primitive function to improperly handle IPv6 extension header boundaries, leading to out-of-bounds reads. An attacker can trigger a crash by sending a crafted IPv6 response with a truncated extension header during raw IPv6 scans.

CVE-2026-58055
Medium

A vulnerability in nghttp2 nghttpx up to version 1.69.0 causes an HTTP/1.1 Upgrade request with a Content-Length header and body to be forwarded onto reusable keep-alive backend connections. A backend interpreting this ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.

CVE-2026-58051
Medium

In libssh2 up to version 1.11.1, when growing the publickey list with SSH2_REALLOC, new entries are not zero-initialized before parsing populates them. A parse failure reaching the cleanup path causes libssh2_publickey_list_free to operate on an uninitialized entry, potentially freeing an attacker-influenceable attrs pointer.

CVE-2026-45259
Medium

A vulnerability in the sigqueue(2) implementation in FreeBSD allows a process in capability mode to send signals to any process, bypassing Capsicum sandbox restrictions. The missing check for the target PID being the calling process's own enables an attacker to interfere with other processes.

CVE-2026-9242
Medium

The RegistrationMagic plugin for WordPress up to version 6.0.8.6 contains an authentication bypass vulnerability due to insufficient data authenticity verification in the PayPal IPN handler. The handler is accessible to unauthenticated users and updates the database before IPN validation, allowing an attacker to forge an IPN request, overwrite the user ID in a payment log, and then obtain authentication cookies for any user, including administrators.

CVE-2026-9233
Medium

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action, allowing authenticated attackers with contributor-level access and above to create, modify, and delete quiz output templates in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags.

CVE-2026-3462
Medium

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks in the 'upload_csv' and 'process_batch' functions in all versions up to and including 1.8.9. This allows authenticated attackers with Subscriber-level access and above to upload arbitrary CSV data and overwrite WooCommerce payment tokens, postmeta, and order meta records.

CVE-2026-13295
Medium

The Page Builder by SiteOrigin plugin for WordPress up to version 2.34.3 contains a stored XSS vulnerability via the panels_data parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary scripts that execute when users access the compromised page.

CVE-2026-12471
Medium

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function. This allows authenticated attackers with Subscriber-level access or above to activate a limited set of plugins.

CVE-2026-12432
Medium

The WP Full Stripe Free plugin for WordPress up to version 8.4.3 lacks authorization in the wpfs_update_failed_payment_status AJAX action. Unauthenticated attackers with a valid Stripe Payment Intent ID can manipulate payment records in the database, marking successful payments as failed and overwriting error codes.

CVE-2026-12399
Medium

The Gutenverse plugin for WordPress is vulnerable to stored XSS via admin settings in all versions up to 3.8.0 due to insufficient input sanitization and output escaping.

CVE-2026-11987
Medium

The Dokan plugin for WordPress up to version 5.0.4 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'id' parameter. Authenticated attackers with subscriber-level access can read other vendors' products, including unpublished drafts and pending listings.

CVE-2026-11783
Medium

The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Product SKU field in all versions up to and including 5.0.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers with custom-level access or higher to inject arbitrary web scripts that execute when users access affected pages.

CVE-2026-11773
Medium

The Masteriyo LMS plugin for WordPress up to version 2.2.1 contains an authorization bypass vulnerability. Authenticated attackers with student-level access or higher can modify the content of course announcements created by instructors or administrators.

CVE-2026-11597
Medium

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.0.1. This is due to insufficient input sanitization and output escaping on the 'account' and 'id' shortcode attributes, which are concatenated directly into a <script> tag's src attribute. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts that execute whenever a user visits an injected page.

PreviousPage 32 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS