CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-40757
High

Château versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40756
High

Zoya versions up to 1.4 contain a vulnerability to unauthenticated PHP object injection, which may lead to unauthorized access to the system.

CVE-2026-40752
High

There is an unauthenticated PHP Object Injection vulnerability in Manufaktur Solutions versions <= 1.1.1.

CVE-2026-40738
High

There is a vulnerability in Eldon versions up to 1.4.1 that allows unauthenticated PHP object injection.

CVE-2026-40733
High

There is an unauthenticated PHP Object Injection vulnerability in ShiftUp versions up to 1.3.

CVE-2026-40720
High

Versions of Royal Elementor Addons Pro below 1.7.1041 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-39590
High

There is an unauthenticated local file inclusion vulnerability in Atomlab versions <= 2.4.5.

CVE-2026-39576
High

There is an unauthenticated PHP Object Injection vulnerability in SingleMalt <= 1.5 versions.

CVE-2026-39560
High

Hiroshi versions up to 1.5.1 are vulnerable to unauthenticated PHP object injection.

CVE-2026-39559
High

Uppercase versions below 1.2.2 are vulnerable to unauthenticated local file inclusion.

CVE-2026-39556
High

There is an unauthenticated PHP Object Injection vulnerability in Konsept <= 1.9 versions.

CVE-2026-39523
High

There is an unauthenticated local file inclusion vulnerability in Solene Core versions <= 2.3.2.

CVE-2026-39445
High

In Alukas versions below 3.0.0, there is an unauthenticated PHP Object Injection vulnerability.

CVE-2026-39442
High

There is an unauthenticated PHP Object Injection vulnerability in PressMart versions <= 1.2.26.

CVE-2026-10641
High

In the Bluetooth Classic Hands-Free Profile (HFP) implementation in Zephyr OS, an out-of-bounds write vulnerability was found. During processing of AT+CIND: response from an Audio Gateway (AG) device, the cind_handle_values() function writes data to the ind_table[] array without verifying that the index does not exceed its size (20 elements). A remote, malicious or compromised Bluetooth peer can send a response with more than 20 entries, causing a write beyond the array and memory corruption.

CVE-2025-69189
High

The EMV JobBank has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2025-69175
High

There is an unauthenticated local file inclusion vulnerability in Line Agency versions <= 1.3.1.

CVE-2025-69174
High

Versions of Etude up to 1.6 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.

CVE-2025-69170
High

There is an unauthenticated local file inclusion vulnerability in Eventicity versions <= 1.5.

CVE-2025-69166
High

Gunslinger versions up to 1.7 are vulnerable to unauthenticated local file inclusion.

PreviousPage 93 of 3315Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS