CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-10540
Medium

Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects unsupported versions 9.0.20.x and potentially earlier unsupported versions.

CVE-2026-10539
Critical

A vulnerability in Control-M/Server communication allows an unauthenticated attacker to execute unauthorized commands due to insufficient input filtering. The issue affects versions 9.0.20.x through 9.0.21.200 and potentially earlier unsupported versions.

CVE-2026-10538
High

A vulnerability in the messaging consumer functionality of unsupported Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and earlier allows deserialization of user-controlled data without sufficient restriction of allowed object types. This may allow an authenticated attacker to trigger unintended server-side behavior through crafted serialized content.

CVE-2026-10096
Medium

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in versions up to and including 1.4.9. Missing validation on the 'page_id' parameter allows authenticated attackers with author-level access or higher to modify Qi Blocks styles of arbitrary posts, templates, or widgets they do not own, including site-wide surfaces via reserved 'template' and 'widget' values.

CVE-2026-1239
High

The Ninja Forms plugin for WordPress is vulnerable to unauthorized data access due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to and including 3.14.1. This allows unauthenticated attackers to view form submissions, which may contain sensitive information.

CVE-2026-14193
High

The vulnerability in the DVP80ES300T device is caused by improper validation of an array index, which could allow an attacker to execute code or cause a system crash.

CVE-2026-12579
High

The AS228T device contains an authentication bypass vulnerability. An attacker can gain unauthorized access to the system without knowing valid credentials.

CVE-2026-11887
Medium

The Salon Booking System WordPress plugin before version 10.30.20 lacks proper authorization checks on one of its AJAX actions, allowing any authenticated user (e.g., a subscriber) to modify a plugin setting and bypass manual approval of new bookings.

CVE-2026-11883
High

The WebAuthn Provider for Two Factor WordPress plugin before version 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

CVE-2026-11880
Low

The Fluent Forms WordPress plugin before version 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with low privileges to cancel subscriptions belonging to other users.

CVE-2026-11823
High

The BookingPress Appointment Booking Pro plugin for WordPress up to version 5.7.1 is vulnerable to SQL Injection via the 'store_service_date' parameter in the bpa_assign_staffmember_to_slots() function. This is due to the use of stripslashes_deep() on POST data without using $wpdb->prepare(), allowing unauthenticated attackers to append additional SQL queries.

CVE-2026-11794
High

The Advanced Form Integration plugin for WordPress before version 2.1.1 does not restrict the WordPress role assigned when creating a user from a public form submission. This allows unauthenticated visitors to create an administrator account if an active integration maps the user role to a public form field, requiring a specific non-default configuration.

CVE-2026-11570
Medium

The User Submitted Posts WordPress plugin before version 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting vulnerability. This can be triggered by unauthenticated users when a non-default display option is enabled.

CVE-2026-11568
High

The Product Configurator for WooCommerce WordPress plugin before version 1.7.3 lacks authorization and post-status checks when returning WooCommerce product data via a public AJAX action. This allows unauthenticated users to retrieve data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft products by supplying the product ID, bypassing WordPress post-visibility controls.

CVE-2026-11562
Medium

The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.

CVE-2026-10750
High

The Royal MCP WordPress plugin before version 1.4.26 does not perform capability checks on most of its MCP tools after token authentication, allowing authenticated users with low-privileged roles such as Subscriber to read private content, enumerate all users and their roles, and create, modify, or delete content owned by other users.

CVE-2025-15666
Medium

A heap-based buffer overflow vulnerability was found in Open Asset Import Library Assimp up to version 5.4.3 in the Assimp::SceneCombiner::Copy function. Manipulating width/height arguments triggers the overflow.

CVE-2026-9107
Medium

The Kali Forms plugin for WordPress up to version 2.4.13 is vulnerable to Stored XSS via the 'meta[kaliforms_field_components]' parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts that execute when a user visits the compromised page.

CVE-2026-7840
CriticalEPSS 65%

UltraVNC repeater up to version 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB (WI_RXBUFSIZE = 153600), so an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) can overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals. The overflow occurs before any authentication check, making it reachable without credentials. A remote, unauthenticated attacker can achieve arbitrary code execution on the host running the repeater.

CVE-2026-7839
Critical

UltraVNC repeater up to version 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. On first run, when settings2.txt is absent, it writes the password "adminadmi2" for the admin user. The Basic-auth handler lacks rate-limiting or lockout, allowing a remote attacker to easily gain full control of the repeater configuration.

PreviousPage 68 of 4528Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS