CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The JoomSport plugin for WordPress up to version 5.7.8 contains a missing authorization vulnerability in the joomsport_season_groupdel() AJAX handler. It allows authenticated attackers with Subscriber-level access or higher to delete arbitrary JoomSport groups without proper capability checks.
The WPForms plugin for WordPress up to version 1.10.2 is vulnerable to CRLF Injection, allowing email header injection. The flaw occurs due to improper handling of the Reply-To display name, enabling unauthenticated attackers to inject arbitrary headers like Bcc into outgoing notification emails.
The Appointment Booking Calendar plugin for WordPress up to version 1.4.02 exposes sensitive information via the cpabc_appointments_filter_list parameter. This allows authenticated attackers with contributor-level access or higher to extract customer personal identifiable information such as names, email addresses, phone numbers, appointment comments, and other booking details.
The Taskbuilder plugin for WordPress up to version 5.0.8 is vulnerable to generic SQL injection via the 'task_search' parameter due to insufficient escaping and lack of query preparation. Authenticated attackers with subscriber-level access or higher can append malicious SQL queries.
The Taskbuilder plugin for WordPress is vulnerable to generic SQL injection via the 'wppm_proj_filter' parameter in versions up to 5.0.8. Insufficient escaping and lack of query preparation allow authenticated attackers (subscriber-level and above) to append additional SQL queries, enabling extraction of sensitive database information.
The LearnPress WordPress LMS plugin up to version 4.3.9.1 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'userId' parameter. An authenticated attacker with subscriber-level access or higher can view course enrollment progress and completion data belonging to instructors and administrators.
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 4.15.3. This is due to missing nonce validation on the give_set_notification_status_handler() function, allowing unauthenticated attackers to disable donation email notifications via a forged request.
The JetWidgets For Elementor plugin for WordPress up to version 1.0.21 is vulnerable to Stored Cross-Site Scripting (XSS). This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animation_effect setting before it is rendered inside an HTML class attribute. Authenticated attackers with author-level access or higher can inject arbitrary web scripts that execute when a user visits an injected page.
In the Modem module, a vulnerability was found that allows privilege escalation through a permissions bypass. This can be exploited locally if the attacker already has System privileges. User interaction is not required for exploitation.
A memory corruption vulnerability due to a heap buffer overflow has been discovered in Telephony. This could lead to local escalation of privilege if an attacker already has System privileges. User interaction is not required for exploitation.
In the Modem module, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote denial of service if a UE connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are needed for exploitation.
In the Modem module, there is a vulnerability leading to information disclosure due to improper input validation. An attacker can remotely disclose information if the user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are required for exploitation.
A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by using a rogue base station without requiring user interaction.
A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by luring a UE to connect to a rogue base station.
A vulnerability in Thunderbird allows an attacker to send HTML chat messages via Matrix or XMPP, enabling injection of arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
A malicious LDAP server, queried by Thunderbird for address-book autocomplete, can send arbitrarily large amounts of data to the Thunderbird LDAP client, causing a crash due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
A vulnerability in the Oj (Optimized JSON) library for Ruby prior to version 3.17.2 causes heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in the buf_append_string function leads to copying an astronomically large amount of data out of bounds.
The Oj (Optimized JSON) library for Ruby prior to version 3.17.2 has a Use-After-Free vulnerability in SAJ mode. The Oj::Parser does not protect cached object keys (≥35 bytes) from garbage collection, and a Ruby callback in hash_end can free the key memory while the C parser still holds a pointer. This causes a segfault, confirmed by RIP pointing to address 0x4242.
A Use-After-Free vulnerability was found in the Oj (Optimized JSON) library for Ruby in normal parser mode. The issue occurs when the garbage collector reclaims array_class and hash_class objects before they are used, leading to dereferencing freed memory and a segfault.
In the Oj (Optimized JSON) library for Ruby, a heap corruption vulnerability exists. When a JSON object key is exactly 65,535 bytes long, an integer truncation in the form_attr function causes a negative length to be passed to memcpy, copying a huge amount of data and crashing the process. The issue is fixed in version 3.17.2.

