CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-45657
Critical

A use after free vulnerability in Windows Kernel allows an unauthorized attacker to execute code over a network.

CVE-2026-45602
Critical

A vulnerability in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

CVE-2026-44815
Critical

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42904
Critical

A heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-38615
Critical

DedeCMS version 5.7.118 is vulnerable to Command Execution in file_manage_control.php.

CVE-2026-34182
Critical

Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.

CVE-2026-26142
CriticalEPSS 78%

A deserialization of untrusted data vulnerability in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

CVE-2026-8025
Critical

CVE-2026-8025 describes an improper neutralization of special elements used in SQL commands, leading to SQL Injection vulnerability in the CBS Platform by MOSK Information Technologies Ltd.

CVE-2026-25089
CriticalEPSS 76%

Fortinet FortiSandbox has a vulnerability due to improper neutralization of special elements in OS commands, allowing unauthenticated attackers to execute unauthorized commands via specially crafted HTTP requests.

CVE-2026-10523
CriticalEPSS 99%

CVE-2026-10523 in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 contains an authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access.

CVE-2026-10520
CriticalActively exploitedEPSS 98%

CVE-2026-10520 is an OS Command Injection vulnerability in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.

CVE-2026-7486
Critical

There is an SQL injection vulnerability in Netcad Software Inc. E-İmar due to improper neutralization of special elements used in SQL commands. This issue affects E-İmar from version 2.10.1.0 to before 3.0.2.

CVE-2026-46325
Critical

A vulnerability has been identified in the Linux kernel regarding the iova-to-va conversion for memory region page sizes different from PAGE_SIZE. This flaw leads to incorrect handling of memory regions, potentially resulting in erroneous virtual addresses.

CVE-2026-46316
Critical

A vulnerability was found in the Linux kernel's KVM for ARM64, specifically in the VGIC-ITS translation cache. The cache invalidation function can drop the same reference multiple times when called concurrently from different contexts, leading to a premature object release.

CVE-2017-20251
Critical

The Insert PHP plugin for WordPress versions before 3.3.1 contains a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API.

CVE-2026-10731
Critical

CVE-2026-10731 describes an SQL injection vulnerability in the 'two_steps_auth_code' parameter processed by the 'twoStepsAuthVerification' function within the '/user-login' endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queries on the backend database.

CVE-2025-10263
Critical

A vulnerability in ARM processors allows writes to resources owned by a higher exception level. It affects a wide range of chips including Cortex-A, Neoverse, and C1 series.

CVE-2009-10007
Critical

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. The plugin does not automatically change the session id after authentication, allowing an attacker to impersonate the victim.

CVE-2026-9698
Critical

A vulnerability in the DBI library for Perl before version 1.648 causes a buffer overflow when saving error messages. The issue occurs when RaiseError, PrintError, or HandleError options are enabled, and an attacker can influence the error text.

CVE-2026-44083
Critical

A vulnerability in QuMagie has been reported that allows for authorization bypass through a user-controlled key. Remote attackers can exploit this vulnerability to gain unintended privileges.

PreviousPage 46 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS