CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2021-47933
Critical

WordPress MStore API version 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.

CVE-2021-47932
Critical

WordPress TheCartPress version 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.

CVE-2021-47923
Critical

OpenCart version 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.

CVE-2026-6104
Critical

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, passing an encoding name containing an embedded NUL byte to mb_convert_encoding() or related mbstring functions causes the code to incorrectly assume that strncasecmp() returning 0 means equal string lengths. This leads to an out-of-bounds read of global memory, potentially causing a crash or information disclosure.

CVE-2026-6722
Critical

PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6 contain a use-after-free vulnerability in the SOAP extension's object deduplication mechanism. Storing pointers to PHP objects in a global map without incrementing reference counts, combined with duplicate keys in an apache:Map node, leads to freed memory and potential remote code execution.

CVE-2025-14179
Critical

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string.

CVE-2026-42601
Critical

ArchiveBox is a web archiving system that, in versions 0.8.6rc0 and prior, has a vulnerability in the /add/ endpoint. The config JSON field is merged into the crawl config without validation, allowing injection of arbitrary tool arguments, leading to remote code execution (RCE).

CVE-2026-42571
Critical

Pelican, a platform for creating data federations, has a privilege escalation vulnerability in the Web User Interface (WebUI) in versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2. This allows authenticated users to gain admin privileges under certain configurations.

CVE-2026-42569
Critical

In phpVMS, a PHP application for simulating airlines, prior to version 7.0.6, a critical vulnerability allowed unauthenticated access to a legacy import feature.

CVE-2026-42560
Critical

Versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2 of the auth library have an issue with mapping Patreon user accounts to a local identifier. All Patreon-authenticated users are treated as a single local user, leading to account mixing and potential privacy breaches.

CVE-2026-44313
Critical

Linkwarden prior to version 2.13.0 had a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function that allowed authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation.

CVE-2026-42454
Critical

Termix is a web-based server management platform that prior to version 2.1.0 did not sanitize or validate URL parameters and WebSocket message fields. This allows an authenticated attacker to inject arbitrary OS commands, leading to Remote Code Execution on managed servers.

CVE-2026-42354
Critical

In Sentry, from version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation. This vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance.

CVE-2026-42302
Critical

FastGPT is an AI Agent building platform that from version 4.14.10 to before 4.14.13 has a vulnerability in the agent-sandbox component. It allows unauthenticated Remote Code Execution (RCE) due to lack of authentication.

CVE-2026-42298
Critical

Postiz to narzędzie do planowania postów w mediach społecznościowych oparte na AI. Przed poprawką da44801 istniała podatność 'Pwn Request', która pozwalała nieautoryzowanym użytkownikom na wykonanie dowolnego kodu podczas procesu budowy obrazu Docker i wykradzenie wysoko uprzywilejowanego tokena GITHUB_TOKEN.

CVE-2026-42287
Critical

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allowed attackers to execute arbitrary SQL commands.

CVE-2026-42193
Critical

Plunk is an open-source email platform that, prior to version 0.9.0, did not verify the SNS signature, certificate, or topic ARN for Amazon SNS notifications at the /webhooks/sns endpoint. This allows attackers to forge webhook requests.

CVE-2026-44694
Critical

n8n-MCP, an MCP server, has an authenticated server-side request forgery vulnerability affecting webhook trigger tools and the n8n API client. This issue exists in versions from 2.18.7 to before 2.50.2 and has been patched in version 2.50.2.

CVE-2026-42160
Critical

Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered 'PENDING' organization/user accounts.

CVE-2026-42072
Critical

In versions prior to 1.0.42-hotfix, the CLI flag --address and the NORNICDB_ADDRESS configuration were not correctly passed to the Bolt server configuration, resulting in the server always listening on all interfaces. This exposes the graph database to the local network with default admin:password credentials.

PreviousPage 82 of 559Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS