CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-49081
High

Versions of Stripe up to 1.3.12 have a vulnerability in unauthenticated access that allows unauthorized access to user registration functions.

CVE-2026-49074
High

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine versions <= 3.8.9.1. An attacker can exploit this flaw to inject malicious scripts in the user's context.

CVE-2026-49073
High

CVE-2026-49073 describes an improper neutralization of special elements used in SQL commands, leading to the possibility of Blind SQL Injection attacks in the wpWax Directorist Booking plugin.

CVE-2026-49057
High

JobSearch versions up to 3.2.7 contain a vulnerability in access control that allows unauthorized access to resources.

CVE-2026-48967
High

There is a SQL Injection vulnerability in Geo Mashup versions <= 1.13.19 that may allow unauthorized access to the database.

CVE-2026-48929
High

Rocket.Chat versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 are vulnerable to unauthenticated file deletion. The deleteFileMessage method allows for the permanent deletion of any uploaded file by ID without requiring authentication.

CVE-2026-48869
High

Versions of Enfold <= 7.1.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-48788
High

Remark42, a comment engine for blogs, has an XSS vulnerability in versions 1.6.0 through 1.15.0 that can be exploited through content-type spoofing. An attacker can use this flaw to inject malicious HTML/JavaScript code into a document within Remark42.

CVE-2026-48779
HighEPSS 52%

The 'ws' WebSocket library for Node.js is vulnerable to a memory exhaustion DoS attack. An attacker can send a high volume of very small data fragments, forcing the server to allocate wrapper structures that consume far more memory than the default message-size limit, leading to process termination due to OOM.

CVE-2026-42629
High

PowerPack Pro for Elementor versions below 2.13.0 contain a vulnerability in authentication that allows unauthorized access.

CVE-2026-42385
High

Versions of Profile Builder Pro <= 3.15.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-41557
High

Versions of Kapee below 1.7.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.

CVE-2026-40768
High

The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-40765
High

Versions of collectchat <= 2.4.9 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-40761
High

There is an unauthenticated PHP Object Injection vulnerability in Valeska <= 1.2.2 versions.

CVE-2026-40760
High

There is an unauthenticated PHP Object Injection vulnerability in Behold <= 1.5 versions.

CVE-2026-40759
High

There is a vulnerability in Esmée versions <= 1.4 that allows unauthenticated PHP object injection.

CVE-2026-40758
High

Léonie versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40755
High

There is an unauthenticated PHP Object Injection vulnerability in TechLink versions <= 1.3.

CVE-2026-40754
High

There is an unauthenticated PHP Object Injection vulnerability in Roisin <= 1.4 versions.

PreviousPage 96 of 3328Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS