CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-44643
Critical

Angular Expressions, used in the Angular.JS framework, prior to version 1.5.2, allowed an attacker to write a malicious expression that could escape the sandbox and execute arbitrary code on the system.

CVE-2026-42613
Critical

Grav is a file-based web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation.

CVE-2026-42608
Critical

Grav is a file-based web platform. Prior to version 2.0.0-beta.2, there was a Path Traversal vulnerability in the FormFlash core component, allowing unauthenticated attackers to manipulate the filesystem.

CVE-2026-42607
Critical

Grav is a file-based web platform. Prior to version 2.0.0-beta.2, an authenticated user with administrative privileges could achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the 'Direct Install' tool.

CVE-2026-40636
Critical

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker.

CVE-2021-47940
Critical

The WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability. Attackers can exploit the AJAX fileupload action to upload malicious files, bypassing file type restrictions.

CVE-2021-47936
Critical

OpenCATS version 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.

CVE-2021-47933
Critical

WordPress MStore API version 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.

CVE-2021-47932
Critical

WordPress TheCartPress version 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.

CVE-2021-47923
Critical

OpenCart version 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.

CVE-2026-6104
Critical

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, passing an encoding name containing an embedded NUL byte to mb_convert_encoding() or related mbstring functions causes the code to incorrectly assume that strncasecmp() returning 0 means equal string lengths. This leads to an out-of-bounds read of global memory, potentially causing a crash or information disclosure.

CVE-2026-6722
Critical

PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6 contain a use-after-free vulnerability in the SOAP extension's object deduplication mechanism. Storing pointers to PHP objects in a global map without incrementing reference counts, combined with duplicate keys in an apache:Map node, leads to freed memory and potential remote code execution.

CVE-2025-14179
Critical

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string.

CVE-2026-42601
Critical

ArchiveBox is a web archiving system that, in versions 0.8.6rc0 and prior, has a vulnerability in the /add/ endpoint. The config JSON field is merged into the crawl config without validation, allowing injection of arbitrary tool arguments, leading to remote code execution (RCE).

CVE-2026-42571
Critical

Pelican, a platform for creating data federations, has a privilege escalation vulnerability in the Web User Interface (WebUI) in versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2. This allows authenticated users to gain admin privileges under certain configurations.

CVE-2026-42569
Critical

In phpVMS, a PHP application for simulating airlines, prior to version 7.0.6, a critical vulnerability allowed unauthenticated access to a legacy import feature.

CVE-2026-42560
Critical

Versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2 of the auth library have an issue with mapping Patreon user accounts to a local identifier. All Patreon-authenticated users are treated as a single local user, leading to account mixing and potential privacy breaches.

CVE-2026-44313
Critical

Linkwarden prior to version 2.13.0 had a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function that allowed authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation.

CVE-2026-42454
Critical

Termix is a web-based server management platform that prior to version 2.1.0 did not sanitize or validate URL parameters and WebSocket message fields. This allows an authenticated attacker to inject arbitrary OS commands, leading to Remote Code Execution on managed servers.

CVE-2026-42354
Critical

In Sentry, from version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation. This vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance.

PreviousPage 78 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS