CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2022-45813
Medium

CVE-2022-45813 is a vulnerability in the BeRocket Advanced AJAX Product Filters plugin that has a missing authorization issue, allowing exploitation of incorrectly configured access control security levels.

CVE-2026-53911
Medium

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. This enabled an authenticated attacker to craft edit requests that could modify unrelated records.

CVE-2026-11850
Medium

An integer underflow vulnerability was found in the berval2tl_data() function in MIT krb5, which can lead to out-of-bounds memory reads. The issue occurs when the buffer length (bv_len) is 0 or 1, causing incorrect calculations and reading up to 65534 bytes from a 0-1 byte buffer.

CVE-2025-7064
Medium

CVE-2025-7064 affects the ABB Freelance system and allows authentication bypass due to a primary weakness. It impacts Freelance versions from 2013 to 2024.

CVE-2022-44630
Medium

CSRF vulnerability in YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This affects versions from n/a through 1.16.0.

CVE-2022-42479
Medium

TemplateHouse Soledad has a missing authorization vulnerability that allows access to functionality not properly constrained by access control lists (ACLs). This issue affects Soledad from n/a through 8.2.5.

CVE-2024-32110
Medium

CVE-2024-32110 describes a Cross-Site Request Forgery (CSRF) vulnerability in Magepeople inc.'s WpEvently, allowing for CSRF attacks.

CVE-2023-40200
Medium

CVE-2023-40200 is a vulnerability in the WP Logo Showcase Responsive Slider and Carousel plugin that allows authorization bypass through a user-controlled key. This issue affects versions from n/a to 3.6.

CVE-2026-41001
Medium

Spring Boot uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker can pre-create this predictable directory or place a symlink before the application starts.

CVE-2026-40997
Medium

Several Spring WS integration paths with Spring Security could expose detailed account state information, such as locked or disabled user accounts, through exception messages or callback outcomes. This behavior assists remote attackers in distinguishing valid accounts from invalid ones.

CVE-2026-40996
Medium

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 encrypted key material unless operators explicitly reconfigured the flag.

CVE-2026-40995
Medium

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken for a certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks.

CVE-2026-40992
Medium

Spring Boot does not enable hostname verification in mail auto-configuration. Applications that set the relevant JavaMail property are not affected.

CVE-2026-40986
Medium

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not 'text/html'. This can lead to a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker.

CVE-2026-40985
Medium

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.

CVE-2026-2827
Medium

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'oum_location_notification' parameter in versions up to and including 1.4.31 due to insufficient input sanitization and output escaping.

CVE-2026-53465
Medium

ImageMagick prior to version 7.1.2-25 contained a vulnerability that allowed for a heap buffer over-write when encoding a crafted multi-frame image with the SF3 encoder.

CVE-2026-53464
Medium

ImageMagick prior to version 7.1.2-25 has a small memory leak issue when providing invalid options to the wand option parser.

CVE-2026-53463
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 had a vulnerability that led to a null pointer dereference when passing incorrect arguments in the distort operation. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

CVE-2026-53462
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 has a memory allocation issue in CheckPrimitiveExtent, which can lead to a heap-use-after-free error and application crash.

PreviousPage 113 of 511Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS