CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2022-44630
Medium

CSRF vulnerability in YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This affects versions from n/a through 1.16.0.

CVE-2022-42479
Medium

TemplateHouse Soledad has a missing authorization vulnerability that allows access to functionality not properly constrained by access control lists (ACLs). This issue affects Soledad from n/a through 8.2.5.

CVE-2024-32110
Medium

CVE-2024-32110 describes a Cross-Site Request Forgery (CSRF) vulnerability in Magepeople inc.'s WpEvently, allowing for CSRF attacks.

CVE-2023-40200
Medium

CVE-2023-40200 is a vulnerability in the WP Logo Showcase Responsive Slider and Carousel plugin that allows authorization bypass through a user-controlled key. This issue affects versions from n/a to 3.6.

CVE-2026-41001
Medium

Spring Boot uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker can pre-create this predictable directory or place a symlink before the application starts.

CVE-2026-40997
Medium

Several Spring WS integration paths with Spring Security could expose detailed account state information, such as locked or disabled user accounts, through exception messages or callback outcomes. This behavior assists remote attackers in distinguishing valid accounts from invalid ones.

CVE-2026-40996
Medium

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 encrypted key material unless operators explicitly reconfigured the flag.

CVE-2026-40995
Medium

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken for a certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks.

CVE-2026-40992
Medium

Spring Boot does not enable hostname verification in mail auto-configuration. Applications that set the relevant JavaMail property are not affected.

CVE-2026-40986
Medium

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not 'text/html'. This can lead to a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker.

CVE-2026-40985
Medium

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.

CVE-2026-2827
Medium

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'oum_location_notification' parameter in versions up to and including 1.4.31 due to insufficient input sanitization and output escaping.

CVE-2026-53465
Medium

ImageMagick prior to version 7.1.2-25 contained a vulnerability that allowed for a heap buffer over-write when encoding a crafted multi-frame image with the SF3 encoder.

CVE-2026-53464
Medium

ImageMagick prior to version 7.1.2-25 has a small memory leak issue when providing invalid options to the wand option parser.

CVE-2026-53463
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 had a vulnerability that led to a null pointer dereference when passing incorrect arguments in the distort operation. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

CVE-2026-53462
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 has a memory allocation issue in CheckPrimitiveExtent, which can lead to a heap-use-after-free error and application crash.

CVE-2026-49219
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had an issue with incorrect parsing of filenames, which could lead to a policy bypass and reading disallowed files using symlinks.

CVE-2026-48994
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had a missing check of a return value, which could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

CVE-2026-48734
Medium

ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 had a stack overflow vulnerability due to a missing depth or visited-set check in MVG files. This issue has been patched in the mentioned versions.

CVE-2026-48733
Medium

ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 contained a flaw that could lead to an infinite loop during the subimage-search operation when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

PreviousPage 143 of 568Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS