CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-12127
Medium

The WPForms plugin for WordPress up to version 1.10.2 is vulnerable to CRLF Injection, allowing email header injection. The flaw occurs due to improper handling of the Reply-To display name, enabling unauthenticated attackers to inject arbitrary headers like Bcc into outgoing notification emails.

CVE-2026-12113
Medium

The Appointment Booking Calendar plugin for WordPress up to version 1.4.02 exposes sensitive information via the cpabc_appointments_filter_list parameter. This allows authenticated attackers with contributor-level access or higher to extract customer personal identifiable information such as names, email addresses, phone numbers, appointment comments, and other booking details.

CVE-2026-12110
Medium

The Taskbuilder plugin for WordPress up to version 5.0.8 is vulnerable to generic SQL injection via the 'task_search' parameter due to insufficient escaping and lack of query preparation. Authenticated attackers with subscriber-level access or higher can append malicious SQL queries.

CVE-2026-12090
Medium

The Taskbuilder plugin for WordPress is vulnerable to generic SQL injection via the 'wppm_proj_filter' parameter in versions up to 5.0.8. Insufficient escaping and lack of query preparation allow authenticated attackers (subscriber-level and above) to append additional SQL queries, enabling extraction of sensitive database information.

CVE-2026-11988
Medium

The LearnPress WordPress LMS plugin up to version 4.3.9.1 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'userId' parameter. An authenticated attacker with subscriber-level access or higher can view course enrollment progress and completion data belonging to instructors and administrators.

CVE-2026-11981
Medium

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 4.15.3. This is due to missing nonce validation on the give_set_notification_status_handler() function, allowing unauthenticated attackers to disable donation email notifications via a forged request.

CVE-2026-11380
Medium

The JetWidgets For Elementor plugin for WordPress up to version 1.0.21 is vulnerable to Stored Cross-Site Scripting (XSS). This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animation_effect setting before it is rendered inside an HTML class attribute. Authenticated attackers with author-level access or higher can inject arbitrary web scripts that execute when a user visits an injected page.

CVE-2026-20463
Medium

In the Modem module, a vulnerability was found that allows privilege escalation through a permissions bypass. This can be exploited locally if the attacker already has System privileges. User interaction is not required for exploitation.

CVE-2026-20462
Medium

A memory corruption vulnerability due to a heap buffer overflow has been discovered in Telephony. This could lead to local escalation of privilege if an attacker already has System privileges. User interaction is not required for exploitation.

CVE-2026-20461
Medium

In the Modem module, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote denial of service if a UE connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are needed for exploitation.

CVE-2026-20460
Medium

In the Modem module, there is a vulnerability leading to information disclosure due to improper input validation. An attacker can remotely disclose information if the user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are required for exploitation.

CVE-2026-20459
Medium

A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by using a rogue base station without requiring user interaction.

CVE-2026-20458
High

In the Modem module, a possible memory corruption due to a missing bounds check could lead to remote escalation of privilege if a UE connects to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not required for exploitation.

CVE-2026-20457
Medium

A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by luring a UE to connect to a rogue base station.

CVE-2026-14191
High

An out-of-bounds heap write vulnerability exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR. The RecItems vector is sized only for the first .rev file, and subsequent files can supply a RecNum value not validated against the actual vector size. An attacker can craft a set of .rev files to write a controlled 32-bit value past the allocated buffer, corrupting adjacent heap objects.

CVE-2026-53488
High

The CRI plugin in containerd prior to versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may allow arbitrary command execution on the host via a plugin that consumes container labels for operations.

CVE-2026-41579
Low

In runc prior to versions 1.3.6, 1.4.3, and 1.5.0, setupPtmx and setupDevSymlinks use filepath.Join with os.Remove and os.Symlink, allowing an image with /dev as a symlink to delete the ptmx file on the host or create symlinks in an arbitrary host directory. This is not exploitable under Docker, but other container tooling built on runc remains exposed.

CVE-2026-54903
Medium

A vulnerability in the Oj (Optimized JSON) library for Ruby prior to version 3.17.2 causes heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in the buf_append_string function leads to copying an astronomically large amount of data out of bounds.

CVE-2026-54902
Medium

The Oj (Optimized JSON) library for Ruby prior to version 3.17.2 has a Use-After-Free vulnerability in SAJ mode. The Oj::Parser does not protect cached object keys (≥35 bytes) from garbage collection, and a Ruby callback in hash_end can free the key memory while the C parser still holds a pointer. This causes a segfault, confirmed by RIP pointing to address 0x4242.

CVE-2026-54901
Medium

A Use-After-Free vulnerability was found in the Oj (Optimized JSON) library for Ruby in normal parser mode. The issue occurs when the garbage collector reclaims array_class and hash_class objects before they are used, leading to dereferencing freed memory and a segfault.

PreviousPage 47 of 4499Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS