CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-57658
Critical

The vulnerability allows an administrator to arbitrarily upload files in TemplateSpare versions up to and including 4.2.0. An attacker with administrator privileges can upload a malicious file to the server.

CVE-2026-56070
Critical

The Advance Product Search plugin version 1.4.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can send specially crafted queries to execute arbitrary SQL commands on the database.

CVE-2026-56068
Critical

The JetEngine plugin for WordPress versions 3.8.10.2 and earlier contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. This vulnerability allows unauthorized database queries to be executed.

CVE-2026-56067
Critical

The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.

CVE-2026-56062
Critical

Unauthenticated SQL injection vulnerability in Quotes llama plugin versions up to 3.1.5. An attacker without authentication can execute arbitrary SQL queries.

CVE-2026-56059
Critical

In the Travel Booking plugin version 2.2.5 and earlier, a vulnerability was found that allows a subscriber-level user to upload arbitrary files to the server. This flaw can be exploited to upload malicious software.

CVE-2026-56058
Critical

A vulnerability in the Quform plugin versions up to 2.23.0 allows a subscriber-level user to upload arbitrary files to the server. An attacker can exploit this flaw to upload a malicious file, potentially leading to full site compromise.

CVE-2026-56057
Critical

The Uncanny Automator Pro plugin version 7.3.0.6 and earlier is vulnerable to PHP Object Injection via a Subscriber role. An attacker can remotely execute arbitrary code on the server.

CVE-2026-56036
Critical

Unauthenticated SQL injection vulnerability in WordPress 결제 심플페이 plugin versions up to 5.5.6. An unauthenticated attacker can execute arbitrary SQL queries.

CVE-2026-56034
Critical

An unauthenticated SQL Injection vulnerability exists in Library Management System versions 3.5.7 and earlier. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.

CVE-2026-56033
Critical

A vulnerability in the Dokan Pro plugin version 5.0.4 and earlier allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.

CVE-2026-56032
Critical

The vulnerability in Buddyboss Platform versions up to 3.0.4 allows subscribers to perform PHP object injection. An attacker can exploit this flaw to execute arbitrary code on the server.

CVE-2026-56030
Critical

A vulnerability in the Paytium plugin versions up to 5.0.2 allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.

CVE-2026-56028
Critical

The Easy Elements for Elementor plugin versions 1.4.9 and earlier contain a vulnerability allowing unauthenticated privilege escalation. This flaw stems from insufficient permission checks within the plugin's functionality.

CVE-2026-56027
Critical

The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.

CVE-2026-54831
Critical

The GeoDirectory plugin in versions up to 2.8.162 contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows unauthorized database queries to be executed.

CVE-2026-54827
Critical

SQL Injection vulnerability in Real Estate 7 plugin versions up to 3.5.9 allows unauthenticated attackers to inject malicious SQL code. This can lead to unauthorized database access and data leakage.

CVE-2026-54825
Critical

The wpDataTables plugin in versions 7.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.

CVE-2026-54820
Critical

SQL Injection vulnerability in JetBooking plugin versions up to 4.0.4.1 allows an unauthenticated attacker to inject malicious SQL code into database queries.

CVE-2025-64152
Critical

A path traversal vulnerability has been discovered in Apache IoTDB, allowing access to files outside the restricted directory. The issue affects versions from 1.0.0 to 1.3.5 and from 2.0.0 to 2.0.6.

PreviousPage 12 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS