CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-12408
Medium

The Slim SEO plugin for WordPress up to version 4.9.8 contains a vulnerability allowing unauthorized disclosure of private content. The issue is in the REST API endpoint `/wp-json/slim-seo/meta-tags/ai`, which does not properly verify user permissions to read a specific post, enabling authenticated attackers with Contributor-level access or higher to retrieve summaries of any post's content, including private, draft, pending, future, and password-protected posts.

CVE-2026-10540
Medium

Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects unsupported versions 9.0.20.x and potentially earlier unsupported versions.

CVE-2026-10096
Medium

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in versions up to and including 1.4.9. Missing validation on the 'page_id' parameter allows authenticated attackers with author-level access or higher to modify Qi Blocks styles of arbitrary posts, templates, or widgets they do not own, including site-wide surfaces via reserved 'template' and 'widget' values.

CVE-2026-11887
Medium

The Salon Booking System WordPress plugin before version 10.30.20 lacks proper authorization checks on one of its AJAX actions, allowing any authenticated user (e.g., a subscriber) to modify a plugin setting and bypass manual approval of new bookings.

CVE-2026-11570
Medium

The User Submitted Posts WordPress plugin before version 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting vulnerability. This can be triggered by unauthenticated users when a non-default display option is enabled.

CVE-2026-11562
Medium

The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.

CVE-2025-15666
Medium

A heap-based buffer overflow vulnerability was found in Open Asset Import Library Assimp up to version 5.4.3 in the Assimp::SceneCombiner::Copy function. Manipulating width/height arguments triggers the overflow.

CVE-2026-9107
Medium

The Kali Forms plugin for WordPress up to version 2.4.13 is vulnerable to Stored XSS via the 'meta[kaliforms_field_components]' parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts that execute when a user visits the compromised page.

CVE-2026-7828
MediumEPSS 53%

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the win_log() function during memory allocation for list nodes. An attacker can send a sufficiently long HTTP URI, leading to a heap buffer overflow, potentially allowing out-of-bounds write.

CVE-2026-58519
Medium

A Stored XSS vulnerability in the Cargo extension for MediaWiki allows an attacker to inject a malicious script that is stored on the server and executed in the victim's browser. The issue affects versions before 3.9.1.

CVE-2026-58518
Medium

A CSRF vulnerability in the RedirectManager extension for MediaWiki allows an attacker to perform unauthorized actions on behalf of an authenticated user. The issue affects versions before 1.3.3.

CVE-2026-44041
Medium

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. The vncWc2Mb() function in rfb/dh.cpp:204 calls wcslen() on a caller-supplied WCHAR pointer without prior bounds check, potentially reading past the buffer.

CVE-2026-44040
Medium

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. The vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand(), resulting in a seed space of approximately 31 bits determined by publicly observable values. An attacker can predict the challenge within seconds, enabling forgery or offline brute-forcing of responses.

CVE-2026-2387
Medium

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 3.12.9. This is due to the 'eo_events' shortcode accepting attacker-controlled 'no_events' content and rendering it in event list templates without output escaping.

CVE-2026-13443
Medium

The Tutor LMS plugin for WordPress up to version 3.9.13 inclusive is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title due to insufficient input sanitization and output escaping.

CVE-2026-13246
Medium

The GiveWP plugin for WordPress up to 4.16.0 is vulnerable to stored XSS via the 'givewp_campaign_comments' shortcode attributes. Authenticated attackers with author-level access can inject arbitrary scripts that execute on every page visit.

CVE-2026-13015
Medium

The Wp Google Places Review Slider plugin for WordPress up to version 18.1 is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter. Insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php allow unauthenticated attackers to inject arbitrary scripts that execute when a user clicks a crafted link.

CVE-2026-12904
Medium

The Kadence Blocks plugin for WordPress up to version 3.7.7 is vulnerable to Insecure Direct Object Reference (IDOR). The authorization check uses a user-supplied post_id, but the actual read/delete operations on optimizer analysis records are performed using a hash of the post_path, which can be manipulated by the attacker. This allows authenticated attackers with Contributor-level access or higher to read or delete analysis records belonging to other users' posts.

CVE-2026-12902
Medium

The Kadence Blocks plugin for WordPress up to version 3.7.7 fails to properly verify user authorization, allowing authenticated attackers with contributor-level access or higher to create arbitrary Media Library attachments. Attackers can remotely download images to the uploads directory, bypassing the upload_files capability boundary.

CVE-2026-12135
Medium

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to and including 7.5.51.7212 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts that execute when users access affected pages.

PreviousPage 14 of 485Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS