CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The E2Pdf – Export Pdf Tool for WordPress plugin is vulnerable to Missing Authorization in versions up to and including 1.32.26. The screen_action() function lacks a dedicated capability check and nonce verification, allowing attackers to overwrite WordPress options.
TypeBot is a chatbot builder tool that in versions prior to 3.17.2 has a vulnerability in SSRF validation. The issue is that the IP validation is not properly tied to subsequent requests, allowing attackers to exploit DNS rebinding to bypass protections.
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).
TypeBot is a chatbot builder tool that has an Insecure Direct Object Reference vulnerability in versions 3.15.2 and below. This allows authenticated users to modify or delete theme templates from other workspaces.
LiquidJS is a Shopify/GitHub Pages compatible template engine that in versions 10.25.7 and below contains a flawed regex in the strip_html filter. This leads to ReDoS attacks via quadratic backtracking, blocking the Node.js event loop.
In versions 10.25.7 and below of the LiquidJS template engine, a vulnerability exists related to the date filter that improperly processes width specifiers, leading to unbounded string concatenation and bypassing memory and render limits.
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers do not verify the SystemBuffer pointer before dereferencing it. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
In versions prior to 4.2.0 of Steeltoe.Management.Endpoint and 3.4.0 of Steeltoe.Management.EndpointCore, the `Sanitizer` component improperly masks configuration values, allowing full connection strings to be exposed in `/actuator/env` responses. The default suffix list does not cover the standard .NET pattern `ConnectionStrings:<name>` or `Steeltoe:Client:<type>:Default:ConnectionString`.
In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, the `DataCenterInfo.FromJson` method throws an `ArgumentException` for any `name` value other than 'MyOwn' or 'Amazon', leading to issues with service registry deserialization.
Steeltoe is an open source project that provides libraries for building cloud-native applications. In versions 3.2.2 through 3.3.0 and 4.1.0, when management endpoints are configured to listen on an alternate port, the middleware uses the `Host` HTTP header instead of the actual network socket port, leading to potential security vulnerabilities.
e107 is a content management system (CMS), versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In the resize_image() function, the source path is properly escaped, but the destination path is inserted inside raw double quotes, allowing an attacker to inject malicious code.
In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.
The install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 has improper neutralization of argument delimiters, which may allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments.
The PHP Standard Library (PSL) has a vulnerability in versions 6.1.0, 6.1.1, and 6.2.0 related to the lack of validation of the total bytes received in DATA frames against the content-length header in HEADERS frames, allowing request smuggling. A malicious client can send more or fewer DATA bytes than declared, leading to incorrect application behavior.
Tinyproxy through 1.11.3 fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation.
libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
In NGINX Plus or NGINX Open Source configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component. User-supplied string values from the NginxProxy Custom Resource Definition access log format setting are rendered without sanitization, allowing for the injection of arbitrary NGINX configuration directives.
A vulnerability has been detected in the SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. It affects an unknown function of the file /index.php of the Student Self-Registration Endpoint, leading to improper access controls.
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects. This vulnerability arises from improper implementations of checkMethodAllowed() and checkPropertyAllowed() in the custom Twig SecurityPolicy.
The use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to correlate an installed application with an unrelated, attacker-controlled catalog package.

