CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-12114
Medium

The Team Members – Multi Language Supported Team Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 8.7 inclusive. This is due to insufficient input sanitization and output escaping.

CVE-2026-58302
High

A vulnerability in the rtapi_app component of the linuxcnc-uspace package in LinuxCNC before version 2.9.9 allows privilege escalation. The program is installed SUID root and loads shared library modules via dlopen() using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library, and because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

CVE-2026-12243
High

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` only checks for literal `../` sequences but fails to account for percent-encoded traversal sequences such as `..%2f`. The `url2pathname()` function decodes these sequences after validation, allowing an attacker to bypass the protection.

CVE-2026-8023
HighEPSS 56%

A vulnerability in Zephyr's HTTP server (subsys/net/lib/http) allows an attacker to read arbitrary files outside the configured web root. The issue occurs in static filesystem resource handling (HTTP_RESOURCE_TYPE_STATIC_FS), where the request path is not canonicalized before use, enabling directory traversal via ../ sequences.

CVE-2026-7656
High

A logic error in IPv6 Neighbor Discovery handlers in Zephyr RTOS causes critical checks (Hop Limit == 255, link-local source, multicast sanity) to be bypassed due to incorrect operator precedence. An adjacent or potentially remote attacker can inject forged RA, NS, and NA messages.

CVE-2026-51219
Medium

A heap buffer overflow vulnerability has been discovered in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 versions 2.3.3 through 2.3.6. An attacker can exploit this to cause a Denial of Service (DoS) by sending a crafted payload.

CVE-2026-51218
Medium

A heap buffer overflow was discovered in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3. This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending a crafted packet.

CVE-2026-10648
Medium

In Zephyr RTOS, mcumgr_serial_process_frag() calls net_buf_reset() on the result of smp_packet_alloc() before checking for NULL. When the MCUmgr packet pool (default 4 buffers) is exhausted, smp_packet_alloc() returns NULL, and net_buf_reset() writes through the NULL pointer, causing a system crash. An attacker can flood the serial/UART/shell transport to exhaust the pool and trigger a denial of service.

CVE-2026-57997
Medium

The Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass algorithm restrictions and weaken authentication controls.

CVE-2026-51221
High

A buffer overflow vulnerability in the Get_Attribute_List function of EIPStackGroup OpENer (commit 76b95c) allows an attacker to cause a Denial of Service (DoS) by sending a crafted Common Packet Format (CPF) packet.

CVE-2026-34592
High

In Coolify prior to version 4.0.0-beta.471, server and project lookups are not scoped to the current team. An authenticated user can access servers and projects belonging to other teams by specifying their IDs directly.

CVE-2026-10647
Medium

The USB CDC-NCM driver in Zephyr RTOS ignores the return value of usbd_ep_enqueue(). When enqueue fails (e.g., during USB bus suspend), the function blocks on a semaphore that never signals, causing a permanent deadlock of the TX thread and halting network transmission until reboot.

CVE-2026-55957
High

A missing critical step in authentication was found in Apache Tomcat's JNDIRealm when configured to use GSSAPI. Attackers can authenticate without providing the correct password.

CVE-2026-55956
Medium

An improper authorization vulnerability in Apache Tomcat causes security constraints for the default servlet to ignore any configured HTTP method or method omission. This affects Tomcat versions from 7.0.0 through 11.0.22.

CVE-2026-55955
Medium

A vulnerability in Apache Tomcat allows a replay attack against the EncryptionInterceptor in the cluster component. The issue stems from improper authentication, enabling an attacker to reuse intercepted data.

CVE-2026-55276
Critical

An Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat causes special roles and empty authorization constraints to be omitted when the effective web.xml is logged. Affected versions include 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.0.M1 through 9.0.118, and 8.5.0 through 8.5.100.

CVE-2026-53434
Critical

A vulnerability was found in Apache Tomcat where a detection of error condition without action occurs when configuring CRLs for a FFM based connector. Affected versions are from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, and from 9.0.83 through 9.0.118.

CVE-2026-53404
High

An Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve causes subsequent non-OR conditions to be skipped if the first condition in an OR chain matches.

CVE-2026-50229
Medium

A basic XSS (Cross-Site Scripting) vulnerability was found in the number guess example application in Apache Tomcat. Improper neutralization of script-related HTML tags allows an attacker to inject malicious JavaScript code.

CVE-2026-41896
High

In Coolify prior to 4.0.0-beta.474, the HMAC key for GitHub webhooks can be null, causing an empty string to be used as the key. An attacker can compute a valid signature and trigger unauthorized deployments.

PreviousPage 139 of 4566Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS