CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The Product Specifications for WooCommerce plugin for WordPress up to version 0.8.9 is vulnerable to unauthorized data modification, creation, and deletion. This is due to missing capability checks and nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, allowing authenticated attackers with Subscriber-level access or higher to manipulate product specification groups and attributes.
The Shariff for WordPress plugin through version 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function. This allows high-privilege users such as administrators to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
The MaxButtons plugin for WordPress up to version 9.8.5 is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts.
The NEX-Forms plugin for WordPress up to version 9.2.2 contains an authorization bypass vulnerability. Unauthenticated attackers can enumerate sequential report IDs and download complete form submission data, including names, email addresses, phone numbers, postal addresses, payment details, and uploaded file paths.
The HD Quiz plugin for WordPress versions 2.2.0 to 2.2.1 is vulnerable to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the hdq_validate_nonce function. Unauthenticated attackers can exploit this to delete or modify quizzes and questions, create new quizzes, and change plugin settings by tricking a site administrator into performing an action like clicking a link.
The Post Map for Google Maps plugin for WordPress up to version 1.2.6 is vulnerable to Stored Cross-Site Scripting via the 'cpm_point' Post Meta due to insufficient input sanitization and output escaping.
The Groundhogg plugin for WordPress (versions up to 4.5.5) is vulnerable to generic SQL injection via the 'query[select]' parameter. Insufficient escaping and lack of prepared statements allow authenticated attackers with Sales Representative-level access or higher to append additional SQL queries, potentially extracting sensitive database information.
The Groundhogg plugin for WordPress (CRM, newsletters, and marketing automation) in versions up to and including 4.5.5 is vulnerable to generic SQL injection via the 'search' parameter. This is due to insufficient escaping of user-supplied input and lack of proper preparation of SQL queries.
The Ivory Search WordPress plugin up to version 5.5.15 is vulnerable to stored XSS via the 'menu_title' and 'menu_magnifier_color' settings due to insufficient input sanitization and output escaping.
In Kestra prior to versions 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to read output files from any other execution within the same tenant, bypassing execution-level and namespace-level isolation.
A stored cross-site scripting (XSS) vulnerability in Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with admin privileges to inject arbitrary scripts via the item type check-in message field.
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).
A stored cross-site scripting (XSS) vulnerability was discovered in the patron restriction type administration page of Koha Library Management System versions 0 through 25.11. It allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field).
In the unauthenticated UART debug console of the Tenda N300 F3 (V603) router, WPA2 credentials are stored and exposed in cleartext, and the rr/wr memory read/write commands lack authentication. A physically proximate attacker can obtain these credentials and arbitrarily read or write memory via the serial port.
A stack overflow vulnerability was found in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 before version 1.8.9. Attackers can exploit this by providing a crafted MP4 file, causing a Denial of Service (DoS).
A stack overflow vulnerability in the AP4_StsdAtom::AP4_StsdAtom component of Bento4 before version 1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
In Notepad++ prior to 8.9.6.4, a TOCTOU vulnerability exists in handling shortcuts.xml. The HMAC check occurs at command execution time, but the command payload is taken from memory that is not synchronized with the disk file. An attacker can swap the file before launch and restore it afterward, allowing malicious commands to execute.
Notepad++ prior to version 8.9.6.1 contains a vulnerability in handling WM_COPYDATA messages. A local process in the same Windows session can send a malformed message that does not enforce data length checking, potentially leading to a buffer overflow.
The vulnerability in Lansweeper lsrunase 2.0 and lsencrypt 2.0 uses RC4 encryption with a hardcoded 142-byte static key. An 8-character prefix is stored in cleartext alongside the ciphertext, allowing a local attacker to recover any encrypted password to plaintext without brute force.
In RustFS version 1.0.0-beta.7 and earlier, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. The validate_admin_request call is missing, allowing restricted users to read sensitive cluster-wide operational data.

