CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2021-47965
Critical

The WordPress Plugin WP Super Edit version 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component, allowing attackers to upload dangerous file types without validation.

CVE-2026-44774
Critical

A vulnerability in Traefik allows a user with HTTPRoute creation permissions in the Kubernetes Gateway API provider to bypass the providers.rest.insecure=false setting and access the REST provider handler. By referencing a TraefikService backend whose name ends with @internal, traffic can be routed to rest@internal, enabling unauthorized reconfiguration of routers and services in shared Gateway deployments.

CVE-2026-44717
Critical

The MCP Calculate Server, based on the MCP protocol and SymPy library, prior to version 0.1.1, used eval() to evaluate mathematical expressions without proper input sanitization, leading to remote code execution.

CVE-2026-44699
Critical

LibJWT is a C library for handling JSON Web Tokens. From versions 3.0.0 to 3.3.2, libjwt accepts an RSA JWK without the alg parameter as the verification key for HS256/HS384/HS512 tokens, allowing an attacker to forge a valid JWT without knowing any secret or RSA private key.

CVE-2026-42155
Critical

In Magento Long Term Support (LTS) versions prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated time-based method, leading to low entropy levels. This violates OWASP ASVS and NIST standards, allowing attackers to perform brute-force attacks on active API sessions.

CVE-2026-41258
Critical

In OpenMRS, from version 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method evaluates database-stored criteria as Apache Velocity templates without proper sandbox configuration. This allows unrestricted Java reflection through template expressions.

CVE-2026-45772
Critical

Turborepo, a build system for JavaScript and TypeScript codebases, is vulnerable to arbitrary code execution in versions from 1.1.0 to before 2.9.14 when run in untrusted repositories containing malicious Yarn configuration. Package manager detection executes yarn --version, which could lead to loading and executing code from .yarnrc.yml controlled by an attacker.

CVE-2026-2031
Critical

CVE-2026-2031 describes an improper access control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to January 23, 2026. This allows a remote, unauthenticated attacker to disclose sensitive information and execute arbitrary code using specially crafted HTTP requests.

CVE-2026-7182
Critical

The diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload that could include local files from the server and display them in the generated PDF.

CVE-2026-41553
Critical

The PDF Export Module used in DHTMLX's Gantt and Scheduler products is vulnerable to Remote Code Execution due to lack of 'data' parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code that is processed by Node.js and subsequently executed on the server.

CVE-2026-8398
Critical

A supply chain attack compromised the official installation packages of DAEMON Tools Lite in versions 12.5.0.2421 to 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's build or distribution infrastructure and trojanized three binaries.

CVE-2026-5229
Critical

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to 1.1.10. The issue arises from the plugin trusting user-controlled cookie data, allowing unauthenticated access to user accounts.

CVE-2026-0481
Critical

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability.

CVE-2026-44666
Critical

HRConvert2 prior to version 3.3.8 has a vulnerability in the sanitizeString() function that does not remove backtick (`) and tab ( ) characters. As a result, user input can reach shell_exec(), allowing commands within filenames to be executed.

CVE-2026-44212
Critical

In PrestaShop, prior to versions 8.2.6 and 9.1.1, there is a Cross-Site Scripting (XSS) vulnerability in the back-office Customer Service view. An unauthenticated attacker can submit a malicious email address through the Contact Us form, leading to session hijacking and full back-office takeover.

CVE-2026-8634
Critical

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment.

CVE-2026-8580
Critical

Use after free in Mojo in Google Chrome prior to version 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-8511
Critical

Use after free in UI in Google Chrome prior to version 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-26191
Critical

In Fleet software, prior to version 4.81.0, a vulnerability in the installation process could allow arbitrary commands to be executed as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall is triggered. A specially crafted software package could lead to unintended command execution.

CVE-2026-45375
Critical

SiYuan is a knowledge management system that prior to version 3.7.0 did not properly HTML escape names and versions in plugin.json files. As a result, malicious HTML could be executed in the user interface when a user opened the marketplace tab.

PreviousPage 74 of 558Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS