CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the file /appointment.php. An unknown function mishandles the editid argument, allowing remote SQL injection. The exploit has been publicly disclosed and may be used.
A SQL injection vulnerability was found in Hospital Management System 1.0 in the file /ajaxmedicine.php. An attacker can remotely manipulate the medicineid argument, leading to SQL injection. The exploit has been made public, increasing the attack risk.
A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the file /adminprofile.php. An attacker can remotely manipulate the loginid argument, leading to SQL injection.
In MLflow up to version 4666cffc7912ea606d592fc38d6a75e2935f65e7, a missing authorization vulnerability was found in the Experiment-scoped Label Schema CRUD API. This flaw allows remote manipulation of data without proper authentication, though exploitation is difficult due to high attack complexity.
A vulnerability in Nmap through version 7.99 causes the ipv6_get_data_primitive function to improperly handle IPv6 extension header boundaries, leading to out-of-bounds reads. An attacker can trigger a crash by sending a crafted IPv6 response with a truncated extension header during raw IPv6 scans.
A vulnerability in Flowise before version 3.1.3 allows bypassing the denylist of environment variables for Custom MCP stdio nodes. On Windows, where environment variable names are case-insensitive, supplying 'node_options' bypasses the 'NODE_OPTIONS' denylist entry, enabling code injection.
A vulnerability in nghttp2 nghttpx up to version 1.69.0 causes an HTTP/1.1 Upgrade request with a Content-Length header and body to be forwarded onto reusable keep-alive backend connections. A backend interpreting this ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.
In libssh2 up to version 1.11.1, when growing the publickey list with SSH2_REALLOC, new entries are not zero-initialized before parsing populates them. A parse failure reaching the cleanup path causes libssh2_publickey_list_free to operate on an uninitialized entry, potentially freeing an attacker-influenceable attrs pointer.
A vulnerability in the sigqueue(2) implementation in FreeBSD allows a process in capability mode to send signals to any process, bypassing Capsicum sandbox restrictions. The missing check for the target PID being the calling process's own enables an attacker to interfere with other processes.
The RegistrationMagic plugin for WordPress up to version 6.0.8.6 contains an authentication bypass vulnerability due to insufficient data authenticity verification in the PayPal IPN handler. The handler is accessible to unauthenticated users and updates the database before IPN validation, allowing an attacker to forge an IPN request, overwrite the user ID in a payment log, and then obtain authentication cookies for any user, including administrators.
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action, allowing authenticated attackers with contributor-level access and above to create, modify, and delete quiz output templates in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags.
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks in the 'upload_csv' and 'process_batch' functions in all versions up to and including 1.8.9. This allows authenticated attackers with Subscriber-level access and above to upload arbitrary CSV data and overwrite WooCommerce payment tokens, postmeta, and order meta records.
The Page Builder by SiteOrigin plugin for WordPress up to version 2.34.3 contains a stored XSS vulnerability via the panels_data parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary scripts that execute when users access the compromised page.
The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function. This allows authenticated attackers with Subscriber-level access or above to activate a limited set of plugins.
The WP Full Stripe Free plugin for WordPress up to version 8.4.3 lacks authorization in the wpfs_update_failed_payment_status AJAX action. Unauthenticated attackers with a valid Stripe Payment Intent ID can manipulate payment records in the database, marking successful payments as failed and overwriting error codes.
The Gutenverse plugin for WordPress is vulnerable to stored XSS via admin settings in all versions up to 3.8.0 due to insufficient input sanitization and output escaping.
The Dokan plugin for WordPress up to version 5.0.4 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'id' parameter. Authenticated attackers with subscriber-level access can read other vendors' products, including unpublished drafts and pending listings.
The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Product SKU field in all versions up to and including 5.0.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers with custom-level access or higher to inject arbitrary web scripts that execute when users access affected pages.
The Masteriyo LMS plugin for WordPress up to version 2.2.1 contains an authorization bypass vulnerability. Authenticated attackers with student-level access or higher can modify the content of course announcements created by instructors or administrators.
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.0.1. This is due to insufficient input sanitization and output escaping on the 'account' and 'id' shortcode attributes, which are concatenated directly into a <script> tag's src attribute. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts that execute whenever a user visits an injected page.

