CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-42385
High

Versions of Profile Builder Pro <= 3.15.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-41557
High

Versions of Kapee below 1.7.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.

CVE-2026-40768
High

The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

CVE-2026-40765
High

Versions of collectchat <= 2.4.9 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-40761
High

There is an unauthenticated PHP Object Injection vulnerability in Valeska <= 1.2.2 versions.

CVE-2026-40760
High

There is an unauthenticated PHP Object Injection vulnerability in Behold <= 1.5 versions.

CVE-2026-40759
High

There is a vulnerability in Esmée versions <= 1.4 that allows unauthenticated PHP object injection.

CVE-2026-40758
High

Léonie versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40755
High

There is an unauthenticated PHP Object Injection vulnerability in TechLink versions <= 1.3.

CVE-2026-40754
High

There is an unauthenticated PHP Object Injection vulnerability in Roisin <= 1.4 versions.

CVE-2026-40753
High

There is an unauthenticated PHP Object Injection vulnerability in EasyMeals versions <= 1.5.1.

CVE-2026-40751
High

Ashtanga versions up to 1.2 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40739
High

LuxeDrive versions up to 1.4 are vulnerable to unauthenticated PHP object injection.

CVE-2026-40736
High

There is an unauthenticated PHP Object Injection vulnerability in Laurits <= 1.5.1 versions.

CVE-2026-40735
High

There is an unauthenticated PHP Object Injection vulnerability in Reina <= 2.1 versions.

CVE-2026-40731
High

There is an unauthenticated local file inclusion vulnerability in ChapterOne versions <= 1.7.

CVE-2026-40726
High

Versions of Stripe up to 1.3.14 have an issue with unauthenticated access in the user registration process.

CVE-2026-40721
High

Versions of Element Pack Pro up to 9.0.6 are vulnerable to local file inclusion, potentially allowing attackers to access sensitive data on the server.

CVE-2026-39598
High

A vulnerability in Kodezen LLC Academy LMS Pro allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.

CVE-2026-39597
High

The WPZOOM Addons for Elementor plugin versions up to 1.3.4 contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can exploit this flaw to inject malicious JavaScript code.

PreviousPage 97 of 3334Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS