CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
CVE-2026-56012 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection attacks in the David Lingren Media Library Assistant application.
UBB.threads is vulnerable to Denial of Service (DoS). An authenticated attacker can send multiple concurrent requests to view any user profile, leading to exhaustion of database resources and complete denial of access to the application for other users.
UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server, resulting in Remote Code Execution.
UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials.
uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions.
In the Woodpecker CI/CD engine, from version 3.0.0 to 3.14.1, a vulnerability in the gRPC layer allowed authenticated agents to impersonate other agents on the same server by injecting a forged `agent_id` value into outgoing gRPC metadata. Version 3.14.1 patches this issue.
In some shadow paging error paths, page tables may be switched without updating the currently running vCPU reference. This can lead to a mismatch between the loaded page tables and the mapcache metadata, potentially resulting in corruption of the mapcache.
Access to HVM guest I/O ports is subject to emulation or at least translation, which requires synchronization with updates. The current implementation lacks synchronization when handling these accesses.
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de. The issue arises from an IP address parameter being passed to the 'exec()' function without proper validation, allowing attackers to execute arbitrary operating system commands.
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the 'tarifflist.php' module due to insufficient sanitization of the POST 'tg[]' parameter. This allows authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.
The vulnerability allows local privilege escalation by loading malicious DLLs from a shared temporary directory in DFIR-ORC versions 10.2.7 and prior. An attacker with access to the system can place a malicious DLL in C:\Windows\Temp, enabling automatic loading when the application is executed with administrative privileges.
An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. An authenticated client with low-privilege tokens can access high-privilege tools by using an older protocol version.
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory.
Cotonti 1.0.0 is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. An authenticated user can store HTML/JavaScript in a folder title, leading to the execution of the injected script in other users' browsers.
Cotonti version 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. The file upload action ('a=upload') does not validate the anti-CSRF token, allowing a remote attacker to upload arbitrary files to the victim's PFS storage.
Cotonti 1.0.0 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. The configuration update action ('a=update') processes POST data without validating the anti-CSRF token, allowing for modification of configuration options through forged requests.
The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 5.0.0, allowing unauthenticated attackers to make web requests to arbitrary locations originating from the web application.
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 1.10.2 via the 'account-id' parameter. This is due to insufficient privilege enforcement on the cf_images_do_setup AJAX handler, allowing authenticated attackers with author-level access to execute code on the server.
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.
The E2Pdf – Export Pdf Tool for WordPress plugin is vulnerable to Missing Authorization in versions up to and including 1.32.26. The screen_action() function lacks a dedicated capability check and nonce verification, allowing attackers to overwrite WordPress options.

