CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-5667
High

A vulnerability related to the use of hard-coded credentials in various Mitsubishi Electric products, such as air conditioners and ventilation devices. An attacker within Wi-Fi range can access the device using a hard-coded SSID and password.

CVE-2026-54805
High

Falang multilanguage versions up to 1.4.2 contain a vulnerability that allows subscribers to escalate privileges.

CVE-2026-54804
High

Versions of Melhor Envio up to 2.16.3 contain a vulnerability in the subscriber authentication mechanism, which may lead to unauthorized access.

CVE-2026-54802
High

Versions of SMS Alert Order Notifications up to 3.9.3 contain a vulnerability in authentication that allows unauthorized access.

CVE-2026-54195
High

Versions of JetFormBuilder <= 3.6.0.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-54192
High

Popup box versions up to 6.2.9 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.

CVE-2026-54189
High

Versions of JetEngine up to 3.8.10 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-54188
High

Versions of JetEngine up to 3.8.10 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-54185
High

Subscriber SQL Injection vulnerability in Cornerstone versions below 7.8.8 allows attackers to execute malicious SQL queries.

CVE-2026-54184
High

In Clean Login versions <= 1.15, there is a vulnerability to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-53876
HighEPSS 75%

The RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with root privileges by a user who logs in to the web console as an administrator.

CVE-2026-52698
High

Versions of PushEngage up to 4.2.3 have a vulnerability that allows the exposure of subscriber sensitive data. This issue affects web push notifications and eCommerce automation.

CVE-2026-52696
High

In JetBlog versions up to 2.4.8, there is a vulnerability allowing unauthorized access to sensitive data.

CVE-2026-49778
High

Versions of WPFunnels Pro up to 2.9.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-49113
High

In Cornerstone versions below 7.8.8, there is a vulnerability allowing arbitrary code execution by a subscriber.

CVE-2026-49081
High

Versions of Stripe up to 1.3.12 have a vulnerability in unauthenticated access that allows unauthorized access to user registration functions.

CVE-2026-49074
High

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine versions <= 3.8.9.1. An attacker can exploit this flaw to inject malicious scripts in the user's context.

CVE-2026-49073
High

CVE-2026-49073 describes an improper neutralization of special elements used in SQL commands, leading to the possibility of Blind SQL Injection attacks in the wpWax Directorist Booking plugin.

CVE-2026-49057
High

JobSearch versions up to 3.2.7 contain a vulnerability in access control that allows unauthorized access to resources.

CVE-2026-48967
High

There is a SQL Injection vulnerability in Geo Mashup versions <= 1.13.19 that may allow unauthorized access to the database.

PreviousPage 95 of 3321Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS