CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
The ProfileGrid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to 5.9.9.2 due to insufficient input sanitization and output escaping.
CVE-2026-10857 describes improper neutralization of input during web page generation, leading to Reflected XSS vulnerabilities in AKIN Software's e-Commerce.
The Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, allowing the publication of a malicious extension with an SVG icon. This leads to stored XSS attacks when a user navigates directly to the icon URL.
The Frontend File Manager Plugin for WordPress through version 23.6 does not sanitize or escape a filename submitted to the frontend file-rename endpoint, leading to a Stored Cross-Site Scripting vulnerability.
The Infility Global plugin for WordPress before version 2.15.20 does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks. This allows authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database.
A flaw in OpenSSH allows a local unprivileged attacker to hijack forwarded X11 connections. The attack pre-binds the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input.
A double free vulnerability was found in OpenSSH in the Diffie-Hellman Group Exchange (DH-GEX) client path during FIPS mode known-group validation. A malicious SSH server can exploit this by sending crafted DH-GEX group parameters, causing client process termination and Denial of Service (DoS).
In Zephyr's ext2 directory-entry parser, the on-disk entry structure is not fully validated before copying the entry name and advancing traversal state. A crafted ext2 image can cause an out-of-bounds read from the directory block buffer or an infinite loop.
vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, an incomplete fix for CVE-2026-22778 allows memory addresses to leak in error messages, potentially exposing memory information in responses to clients.
vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, temperature validation used comparison operators that incorrectly handled NaN and positive Infinity, leading to undefined behavior or CUDA errors.
vLLM is an inference and serving engine for large language models. Prior to version 0.23.1rc0, the /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output, which could lead to excessive resource consumption.
vLLM is an inference and serving engine for large language models. In versions prior to 0.22.0, revision pinning controls do not consistently apply to all artifacts loaded for a model, potentially leading to the loading of unverified components.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function. These paths pass the script-protocol check but resolve to a cross-origin URL against the current page protocol.
n8n versions before 1.123.15 and 2.5.0 contain a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads. Attackers can use path-normalization techniques to redirect users to attacker-controlled sites.
Capgo (backend of Supabase edge functions) before version 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes. This allows unauthenticated requests to reach the handler instead of being rejected at the middleware layer.
Capgo before version 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information.
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers resulting in NaN or falsy values.
Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement.

