CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12407
High

The E2Pdf – Export Pdf Tool for WordPress plugin is vulnerable to Missing Authorization in versions up to and including 1.32.26. The screen_action() function lacks a dedicated capability check and nonce verification, allowing attackers to overwrite WordPress options.

CVE-2026-48764
High

TypeBot is a chatbot builder tool that in versions prior to 3.17.2 has a vulnerability in SSRF validation. The issue is that the IP validation is not properly tied to subsequent requests, allowing attackers to exploit DNS rebinding to bypass protections.

CVE-2026-53676
High

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

CVE-2026-48759
High

TypeBot is a chatbot builder tool that has an Insecure Direct Object Reference vulnerability in versions 3.15.2 and below. This allows authenticated users to modify or delete theme templates from other workspaces.

CVE-2026-45617
High

LiquidJS is a Shopify/GitHub Pages compatible template engine that in versions 10.25.7 and below contains a flawed regex in the strip_html filter. This leads to ReDoS attacks via quadratic backtracking, blocking the Node.js event loop.

CVE-2026-45357
High

In versions 10.25.7 and below of the LiquidJS template engine, a vulnerability exists related to the date filter that improperly processes width specifiers, leading to unbounded string concatenation and bypassing memory and render limits.

CVE-2026-8050
High

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers do not verify the SystemBuffer pointer before dereferencing it. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.

CVE-2026-50200
High

In versions prior to 4.2.0 of Steeltoe.Management.Endpoint and 3.4.0 of Steeltoe.Management.EndpointCore, the `Sanitizer` component improperly masks configuration values, allowing full connection strings to be exposed in `/actuator/env` responses. The default suffix list does not cover the standard .NET pattern `ConnectionStrings:<name>` or `Steeltoe:Client:<type>:Default:ConnectionString`.

CVE-2026-50196
High

In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, the `DataCenterInfo.FromJson` method throws an `ArgumentException` for any `name` value other than 'MyOwn' or 'Amazon', leading to issues with service registry deserialization.

CVE-2026-50194
High

Steeltoe is an open source project that provides libraries for building cloud-native applications. In versions 3.2.2 through 3.3.0 and 4.1.0, when management endpoints are configured to listen on an alternate port, the middleware uses the `Host` HTTP header instead of the actual network socket port, leading to potential security vulnerabilities.

CVE-2026-48997
HighEPSS 50%

e107 is a content management system (CMS), versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In the resize_image() function, the source path is properly escaped, but the destination path is inserted inside raw double quotes, allowing an attacker to inject malicious code.

CVE-2026-48989
High

In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.

CVE-2026-12530
High

The install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 has improper neutralization of argument delimiters, which may allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments.

CVE-2026-48979
High

The PHP Standard Library (PSL) has a vulnerability in versions 6.1.0, 6.1.1, and 6.2.0 related to the lack of validation of the total bytes received in DATA frames against the content-length header in HEADERS frames, allowing request smuggling. A malicious client can send more or fewer DATA bytes than declared, leading to incorrect application behavior.

CVE-2026-55202
High

Tinyproxy through 1.11.3 fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation.

CVE-2026-55200
High

libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

CVE-2026-50107
High

In NGINX Plus or NGINX Open Source configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component. User-supplied string values from the NginxProxy Custom Resource Definition access log format setting are rendered without sanitization, allowing for the injection of arbitrary NGINX configuration directives.

CVE-2026-12529
High

A vulnerability has been detected in the SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. It affects an unknown function of the file /index.php of the Student Self-Registration Endpoint, leading to improper access controls.

CVE-2026-11407
High

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects. This vulnerability arises from improper implementations of checkMethodAllowed() and checkPropertyAllowed() in the custom Twig SecurityPolicy.

CVE-2026-10696
High

The use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to correlate an installed application with an unrelated, attacker-controlled catalog package.

PreviousPage 87 of 3314Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS