CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-12133
Medium

The JoomSport plugin for WordPress up to version 5.7.8 contains a missing authorization vulnerability in the joomsport_season_groupdel() AJAX handler. It allows authenticated attackers with Subscriber-level access or higher to delete arbitrary JoomSport groups without proper capability checks.

CVE-2026-12127
Medium

The WPForms plugin for WordPress up to version 1.10.2 is vulnerable to CRLF Injection, allowing email header injection. The flaw occurs due to improper handling of the Reply-To display name, enabling unauthenticated attackers to inject arbitrary headers like Bcc into outgoing notification emails.

CVE-2026-12113
Medium

The Appointment Booking Calendar plugin for WordPress up to version 1.4.02 exposes sensitive information via the cpabc_appointments_filter_list parameter. This allows authenticated attackers with contributor-level access or higher to extract customer personal identifiable information such as names, email addresses, phone numbers, appointment comments, and other booking details.

CVE-2026-12110
Medium

The Taskbuilder plugin for WordPress up to version 5.0.8 is vulnerable to generic SQL injection via the 'task_search' parameter due to insufficient escaping and lack of query preparation. Authenticated attackers with subscriber-level access or higher can append malicious SQL queries.

CVE-2026-12090
Medium

The Taskbuilder plugin for WordPress is vulnerable to generic SQL injection via the 'wppm_proj_filter' parameter in versions up to 5.0.8. Insufficient escaping and lack of query preparation allow authenticated attackers (subscriber-level and above) to append additional SQL queries, enabling extraction of sensitive database information.

CVE-2026-11988
Medium

The LearnPress WordPress LMS plugin up to version 4.3.9.1 is vulnerable to Insecure Direct Object Reference (IDOR) via the 'userId' parameter. An authenticated attacker with subscriber-level access or higher can view course enrollment progress and completion data belonging to instructors and administrators.

CVE-2026-11981
Medium

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 4.15.3. This is due to missing nonce validation on the give_set_notification_status_handler() function, allowing unauthenticated attackers to disable donation email notifications via a forged request.

CVE-2026-11380
Medium

The JetWidgets For Elementor plugin for WordPress up to version 1.0.21 is vulnerable to Stored Cross-Site Scripting (XSS). This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animation_effect setting before it is rendered inside an HTML class attribute. Authenticated attackers with author-level access or higher can inject arbitrary web scripts that execute when a user visits an injected page.

CVE-2026-20463
Medium

In the Modem module, a vulnerability was found that allows privilege escalation through a permissions bypass. This can be exploited locally if the attacker already has System privileges. User interaction is not required for exploitation.

CVE-2026-20462
Medium

A memory corruption vulnerability due to a heap buffer overflow has been discovered in Telephony. This could lead to local escalation of privilege if an attacker already has System privileges. User interaction is not required for exploitation.

CVE-2026-20461
Medium

In the Modem module, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote denial of service if a UE connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are needed for exploitation.

CVE-2026-20460
Medium

In the Modem module, there is a vulnerability leading to information disclosure due to improper input validation. An attacker can remotely disclose information if the user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are required for exploitation.

CVE-2026-20459
Medium

A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by using a rogue base station without requiring user interaction.

CVE-2026-20457
Medium

A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by luring a UE to connect to a rogue base station.

CVE-2026-57963
Medium

A vulnerability in Thunderbird allows an attacker to send HTML chat messages via Matrix or XMPP, enabling injection of arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

CVE-2026-57962
Medium

A malicious LDAP server, queried by Thunderbird for address-book autocomplete, can send arbitrarily large amounts of data to the Thunderbird LDAP client, causing a crash due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

CVE-2026-54903
Medium

A vulnerability in the Oj (Optimized JSON) library for Ruby prior to version 3.17.2 causes heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in the buf_append_string function leads to copying an astronomically large amount of data out of bounds.

CVE-2026-54902
Medium

The Oj (Optimized JSON) library for Ruby prior to version 3.17.2 has a Use-After-Free vulnerability in SAJ mode. The Oj::Parser does not protect cached object keys (≥35 bytes) from garbage collection, and a Ruby callback in hash_end can free the key memory while the C parser still holds a pointer. This causes a segfault, confirmed by RIP pointing to address 0x4242.

CVE-2026-54901
Medium

A Use-After-Free vulnerability was found in the Oj (Optimized JSON) library for Ruby in normal parser mode. The issue occurs when the garbage collector reclaims array_class and hash_class objects before they are used, leading to dereferencing freed memory and a segfault.

CVE-2026-54900
Medium

In the Oj (Optimized JSON) library for Ruby, a heap corruption vulnerability exists. When a JSON object key is exactly 65,535 bytes long, an integer truncation in the form_attr function causes a negative length to be passed to memcpy, copying a huge amount of data and crashing the process. The issue is fixed in version 3.17.2.

PreviousPage 15 of 489Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS