CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14449
Medium

u5CMS through v12.8.8 is vulnerable to reflected XSS via the 'thanks' parameter in multiple form components.

CVE-2026-11946
High

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length, allowing an arbitrarily large string (up to ~4.09 GB) to be declared and delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out.

CVE-2025-69156
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the Kids Zone - Children WordPress theme version 5.4 and earlier. It allows a remote attacker to inject malicious JavaScript code without requiring authentication.

CVE-2025-69155
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the Fitness Zone WordPress Theme version 5.7 and earlier. It allows a remote attacker to inject malicious JavaScript code without authentication.

CVE-2025-69154
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the SpaLab Beauty Salon WordPress Theme version 6.7 and earlier. It allows a remote attacker to inject malicious JavaScript code without authentication.

CVE-2025-69153
High

The Trendy Travel plugin version 6.7 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2025-69152
High

The Artale | Wedding Photography WordPress plugin version 2.2.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2025-69134
High

The OpenAI Chatbot for WordPress – Helper plugin version 1.1.4 and earlier contains a vulnerability allowing unauthenticated attackers to delete arbitrary content. The flaw is due to missing authorization and input validation.

CVE-2025-69133
High

The Tourmaster plugin version 5.4.5 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by a subscriber. An authenticated user with the subscriber role can read arbitrary files on the server.

CVE-2025-69132
Medium

The Corpkit plugin version 1.0.5 and earlier allows exposure of sensitive subscriber data. This vulnerability enables unauthorized users to access confidential information.

CVE-2025-69094
High

The Unicamp plugin version 2.2.2 and earlier contains a SQL injection vulnerability exploitable by subscribers. An attacker with subscriber privileges can inject malicious SQL queries, potentially leading to unauthorized database access.

CVE-2025-66076
Medium

The Woostify Sites Library plugin version 1.6.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to template library functions.

CVE-2025-58902
High

An unauthenticated Local File Inclusion vulnerability exists in Lighthouse versions up to 1.2.12. It allows an attacker to read arbitrary files from the server without authentication.

CVE-2026-54431
Medium

In the liboauth2 library, the DPoP verifier accepts a proof whose jwk header contains private key material. The oauth2_token_verify() function returns success for a malformed DPoP proof embedding a private EC key, violating RFC 9449 requirements.

CVE-2026-54430
Medium

The liboauth2 library is vulnerable to Server-Side Request Forgery (SSRF) in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, the kid value is appended to alb_base_url without URL encoding or path sanitization, and the HTTP GET request is issued before signature verification.

CVE-2026-9834
HighEPSS 84%

The WP Database Backup plugin for WordPress up to version 7.11 is vulnerable to OS command injection via the `wp_db_exclude_table` parameter. An authenticated attacker with administrator privileges can inject malicious data that is directly concatenated into the `mysqldump` command without proper escaping, allowing arbitrary command execution on the server.

CVE-2026-9188
Medium

The Wappointment plugin for WordPress up to version 2.7.6 contains an Insecure Direct Object Reference (IDOR) vulnerability. The authorization key `edit_key` is generated as a predictable, unsalted MD5 hash of a sequential client ID, a publicly observable timestamp, and a small staff ID, allowing unauthenticated attackers to compute it and cancel or reschedule other users' appointments.

CVE-2026-9145
Medium

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress up to version 1.5.1 contains an arbitrary file copy vulnerability. The create_entry_el() function passes the raw_value from Elementor Pro's Form_Record object directly to PHP's copy() without validation, allowing an attacker to copy any file from the server or from an external URL.

CVE-2026-8482
Medium

A vulnerability was discovered in StormShield Network Security versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5, allowing a possible leak of secret information when administration commands are passed via the CLI tool. An attacker with SSH access to the firewall (if SSH multiuser mode is enabled) could potentially obtain the proxy CA passphrase or TPM password.

CVE-2026-8441
High

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter in the wprp_load_more_revs AJAX action. The unsanitized value is concatenated directly into an AND id NOT IN (...) clause, allowing unauthenticated attackers to extract database data.

PreviousPage 23 of 4495Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS