CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Versions of Profile Builder Pro <= 3.15.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of Kapee below 1.7.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.
The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
Versions of collectchat <= 2.4.9 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated PHP Object Injection vulnerability in Valeska <= 1.2.2 versions.
There is an unauthenticated PHP Object Injection vulnerability in Behold <= 1.5 versions.
There is a vulnerability in Esmée versions <= 1.4 that allows unauthenticated PHP object injection.
Léonie versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.
There is an unauthenticated PHP Object Injection vulnerability in TechLink versions <= 1.3.
There is an unauthenticated PHP Object Injection vulnerability in Roisin <= 1.4 versions.
There is an unauthenticated PHP Object Injection vulnerability in EasyMeals versions <= 1.5.1.
Ashtanga versions up to 1.2 are vulnerable to unauthenticated PHP object injection.
LuxeDrive versions up to 1.4 are vulnerable to unauthenticated PHP object injection.
There is an unauthenticated PHP Object Injection vulnerability in Laurits <= 1.5.1 versions.
There is an unauthenticated PHP Object Injection vulnerability in Reina <= 2.1 versions.
There is an unauthenticated local file inclusion vulnerability in ChapterOne versions <= 1.7.
Versions of Stripe up to 1.3.14 have an issue with unauthenticated access in the user registration process.
Versions of Element Pack Pro up to 9.0.6 are vulnerable to local file inclusion, potentially allowing attackers to access sensitive data on the server.
A vulnerability in Kodezen LLC Academy LMS Pro allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.
The WPZOOM Addons for Elementor plugin versions up to 1.3.4 contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can exploit this flaw to inject malicious JavaScript code.

