CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Versions of Stripe up to 1.3.12 have a vulnerability in unauthenticated access that allows unauthorized access to user registration functions.
There is an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine versions <= 3.8.9.1. An attacker can exploit this flaw to inject malicious scripts in the user's context.
CVE-2026-49073 describes an improper neutralization of special elements used in SQL commands, leading to the possibility of Blind SQL Injection attacks in the wpWax Directorist Booking plugin.
JobSearch versions up to 3.2.7 contain a vulnerability in access control that allows unauthorized access to resources.
There is a SQL Injection vulnerability in Geo Mashup versions <= 1.13.19 that may allow unauthorized access to the database.
Rocket.Chat versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 are vulnerable to unauthenticated file deletion. The deleteFileMessage method allows for the permanent deletion of any uploaded file by ID without requiring authentication.
Versions of Enfold <= 7.1.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Remark42, a comment engine for blogs, has an XSS vulnerability in versions 1.6.0 through 1.15.0 that can be exploited through content-type spoofing. An attacker can use this flaw to inject malicious HTML/JavaScript code into a document within Remark42.
The 'ws' WebSocket library for Node.js is vulnerable to a memory exhaustion DoS attack. An attacker can send a high volume of very small data fragments, forcing the server to allocate wrapper structures that consume far more memory than the default message-size limit, leading to process termination due to OOM.
PowerPack Pro for Elementor versions below 2.13.0 contain a vulnerability in authentication that allows unauthorized access.
Versions of Profile Builder Pro <= 3.15.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of Kapee below 1.7.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.
The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
Versions of collectchat <= 2.4.9 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated PHP Object Injection vulnerability in Valeska <= 1.2.2 versions.
There is an unauthenticated PHP Object Injection vulnerability in Behold <= 1.5 versions.
There is a vulnerability in Esmée versions <= 1.4 that allows unauthenticated PHP object injection.
Léonie versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.
There is an unauthenticated PHP Object Injection vulnerability in TechLink versions <= 1.3.
There is an unauthenticated PHP Object Injection vulnerability in Roisin <= 1.4 versions.

