CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-9576
Medium

The Fluent Booking WordPress plugin before version 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint. Users with at least the Calendar Manager role can retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.

CVE-2026-56809
Medium

Multiple laser printers and MFPs implementing Ricoh Web Image Monitor are vulnerable to reflected cross-site scripting (XSS). An attacker can execute arbitrary scripts in the victim's browser by tricking them into clicking a crafted URL.

CVE-2026-56808
HighEPSS 72%

The DGM3103SCT device from AVTECH Security Corporation contains an OS command injection vulnerability. A user who can log in to the web management console can execute arbitrary commands with root privileges.

CVE-2026-56137
High

RPG MAKER MV and MZ from Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. Loading a specially crafted save file may execute arbitrary OS commands.

CVE-2026-14164
High

A double free vulnerability has been found in libarchive's RAR5 reader. During processing of a specially crafted RAR5 archive, the filtered_buf pointer may become stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition.

CVE-2026-12819
Critical

Delta Electronics DVP12SE PLC exposes a Modbus TCP service without authentication or access control, allowing unauthenticated attackers to interact with security-sensitive PLC functions.

CVE-2026-12818
Critical

Delta Electronics DVP12SE PLCs are vulnerable to an unlimited resource allocation attack in their Modbus TCP service. The lack of limits or throttling can lead to resource exhaustion.

CVE-2026-12240
High

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to and including 2.2.6. This allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVE-2026-11590
High

The WP Support Plus Responsive Ticket System WordPress plugin up to version 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

CVE-2026-11589
High

The WP Support Plus Responsive Ticket System WordPress plugin through version 9.1.2 fails to properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.

CVE-2026-11581
Medium

The Kali Forms WordPress plugin before 2.4.13 does not sanitize a form field's caption before outputting it as a column header on the admin form-entries screen. Users with Contributor-level access or above can inject JavaScript that executes in an administrator's session. A missing capability check in the post-duplication action allows the Contributor to publish the malicious form so an administrator renders it.

CVE-2026-8944
Medium

The Plugin for Google Analytics by IO technologies for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page (ga.php), allowing unauthenticated attackers to update the plugin's stored Google Analytics tracking ID option (io-ga-id) via a forged request, provided they can trick a site administrator into clicking a link.

CVE-2026-12560
Medium

The Editorial Rating – Product Review & Rating System plugin for WordPress up to version 4.0.5 is vulnerable to Stored Cross-Site Scripting via the 'Link URL' field due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts that execute when users access the affected page.

CVE-2026-12349
Medium

The Premium Addons for KingComposer plugin for WordPress up to version 1.1.1 is vulnerable to unauthorized modification and data loss. Missing authorization and capability checks in the add_custom_sidebar() and remove_custom_sidebar() AJAX handlers allow unauthenticated attackers to create or delete custom widget areas, potentially causing widgets to silently lose registration and stop rendering.

CVE-2026-12073
Critical

The ProfileGrid plugin for WordPress up to version 5.9.9.5 contains a privilege escalation vulnerability via account takeover. Lack of validation of the `user_login` parameter in registration forms and improper error handling allow unauthenticated attackers to change the email address of the user account with ID=1 (typically an administrator), then reset the password and gain access.

CVE-2026-11367
Medium

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 1.7.2 via the move_image_on_server function. This allows authenticated attackers with author-level access or above to write files with attacker-controlled content to arbitrary locations on the server.

CVE-2026-14160
Medium

A Time-of-check time-of-use (TOCTOU) race condition vulnerability has been discovered in Samsung Open Source Escargot. This flaw allows leveraging race conditions to compromise data integrity.

CVE-2026-12114
Medium

The Team Members – Multi Language Supported Team Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 8.7 inclusive. This is due to insufficient input sanitization and output escaping.

CVE-2026-58302
High

A vulnerability in the rtapi_app component of the linuxcnc-uspace package in LinuxCNC before version 2.9.9 allows privilege escalation. The program is installed SUID root and loads shared library modules via dlopen() using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library, and because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

CVE-2026-12243
High

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` only checks for literal `../` sequences but fails to account for percent-encoded traversal sequences such as `..%2f`. The `url2pathname()` function decodes these sequences after validation, allowing an attacker to bypass the protection.

PreviousPage 112 of 4531Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS