CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-49502
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

CVE-2026-42530
HighEPSS 87%

NGINX Open Source has a vulnerability in the ngx_http_v3_module. When configured with the HTTP/3 QUIC module, a remote unauthenticated attacker, under specific conditions, can use a crafted HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and a restart. On systems with ASLR disabled or bypassed, code execution is possible.

CVE-2026-42055
HighEPSS 85%

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. It occurs when proxy_http_version 2 or grpc_pass directives are used for HTTP/2 proxying, ignore_invalid_headers is set to off, and large_client_header_buffers size exceeds 2 MB. A remote unauthenticated attacker can send large headers causing a heap-based buffer overflow in the NGINX worker process, leading to a restart or potential code execution.

CVE-2026-35066
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVE-2026-35065
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.

CVE-2026-32804
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.

CVE-2026-22283
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CVE-2026-11311
High

In NGINX Gateway Fabric, when NGINX Plus is configured as the data plane, an injection vulnerability exists in the NGINX configuration generator component. User-supplied string values from the serverTokens field of the NginxProxy Custom Resource Definition and the extraAuthArgs field of the AuthenticationFilter Custom Resource Definition are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may inject arbitrary NGINX configuration directives.

CVE-2026-55738
High

A stack-based buffer overflow exists in the raw_to_header() function in rxi microtar 0.1.0. The function copies the name and linkname fields of a TAR header without guaranteeing null termination, potentially leading to out-of-bounds read and stack buffer overflow.

CVE-2026-54818
High

CVE-2026-54818 describes an improper neutralization of special elements used in an SQL command, allowing for Blind SQL Injection in Slimstat Analytics.

CVE-2026-54816
High

CVE-2026-54816 describes an improper control of code generation vulnerability that allows remote code inclusion in Monetizemore Advanced Ads. This issue affects Advanced Ads versions from n/a through 2.0.21.

CVE-2026-54814
High

CVE-2026-54814 describes improper control of filename for include/require statements in PHP, allowing for local file inclusion. This affects the Motors theme from n/a through 1.4.109.

CVE-2026-54813
High

CVE-2026-54813 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in Brainstorm Force SureDash. This issue affects SureDash versions from n/a through 1.8.0.

CVE-2026-54417
High

An integer overflow in the mtar_next() function in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service via a crafted tar archive. The issue occurs when the header size is a multiple of 512 in a specific range, leading to an infinite loop.

CVE-2026-54193
High

In Fusion Builder versions <= 3.15.4, there is a vulnerability that allows arbitrary file deletion by users with appropriate permissions.

CVE-2026-52707
High

Versions of Kastell <= 2.0 are vulnerable to unauthenticated local file inclusion, which may lead to the disclosure of sensitive information.

CVE-2026-40757
High

Château versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40756
High

Zoya versions up to 1.4 contain a vulnerability to unauthenticated PHP object injection, which may lead to unauthorized access to the system.

CVE-2026-40752
High

There is an unauthenticated PHP Object Injection vulnerability in Manufaktur Solutions versions <= 1.1.1.

CVE-2026-40738
High

There is a vulnerability in Eldon versions up to 1.4.1 that allows unauthenticated PHP object injection.

PreviousPage 90 of 3332Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS