CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In IMS, a vulnerability allows out-of-bounds read due to missing bounds check. This could lead to remote denial of service without requiring additional execution privileges.
A vulnerability in curl causes the tool layer to skip initialization of critical SSH security options like CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS when using a schemeless URL with `--proto-default sftp` (or scp), while libcurl establishes the connection as specified. This results in curl connecting to an unverified SSH remote host without error.
A vulnerability in libcurl causes the Authorization header intended for the original host to be incorrectly forwarded to a different host when reusing a handle for HTTP transfers with Digest authentication.
CVE-2026-11586 is a vulnerability in curl that allows a malicious server to exhaust memory by sending rapid, sequential WebSocket PING frames. The lack of an upper bound on memory allocation for unacknowledged frames causes curl to consume all available memory.
A vulnerability in libcurl causes an easy handle that first uses default native CA trust to continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer. This occurs because libcurl keeps previously used connections in a connection pool for reuse.
A vulnerability in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service (DoS) against a curl or libcurl client. The helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, enabling a connected QUIC peer to continuously stream empty datagrams and indefinitely stall the client.
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset(), and finally terminates the handle with curl_easy_cleanup(). During the final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
The Printcart Web to Print Product Designer for WooCommerce plugin up to version 2.5.2 is vulnerable to Arbitrary File Deletion due to insufficient path validation in the store_design_data() function. The user-supplied 'nbd_item_key' POST parameter is sanitized only with sanitize_text_field(), which does not strip path traversal sequences, and then passed to Nbdesigner_IO::delete_folder() and PHP's rename(). The nonce protecting the nbd_save_customer_design AJAX action is freely obtainable by unauthenticated users via the nbd_check_use_logged_in endpoint.
The JSON API User plugin for WordPress up to version 4.1.0 is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the post_comment API endpoint. The post_comment() function lacks proper input sanitization, allowing authenticated attackers with subscriber-level access or higher to inject arbitrary scripts that execute when the page is viewed.
The MotoPress Appointment Booking plugin for WordPress up to version 2.4.4 contains an authorization bypass vulnerability via user-controlled key. Unauthenticated attackers can overwrite customer data (name, email, phone, customer_id) in non-confirmed bookings using a publicly accessible REST endpoint.
The CM Business Directory plugin for WordPress up to version 1.5.7 is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields. Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts that execute when a user visits an injected page.
The Ultimate Member plugin for WordPress up to version 2.11.4 is vulnerable to stored XSS via the 'about_me' parameter. Authenticated attackers with subscriber-level access or higher can inject arbitrary JavaScript that executes when users visit affected pages.
The AR for WooCommerce plugin for WordPress up to version 8.40 is vulnerable to Directory Traversal via the 'file' parameter. Unauthenticated attackers can read arbitrary files on the server, including sensitive information, because all three access controls fail: nonces are freely minted without authentication, the AES-256-CBC encryption key is predictable (derived from 'ar_licence_key' which defaults to false), and the Referer check is trivially bypassed.
The NEX-Forms plugin for WordPress up to version 9.2.2 is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary scripts that execute when a user accesses the affected page.
The Ninja Forms - File Uploads plugin for WordPress up to version 3.3.29 inclusive contains an authorization bypass vulnerability. Unauthenticated attackers can read all debug log entries stored in the wp_nf3_log table or permanently delete all rows from that table.
The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 3.9.30. The vulnerability exists in the wpie_import_upload_file_from_url AJAX action, where after a failed call to wp_safe_remote_get() (which blocks private IPs), the code falls back to GuzzleHttp\Client::request() without SSRF protection and with TLS verification disabled. This allows authenticated attackers with administrator-level access to make requests to arbitrary locations, including internal services like the cloud metadata endpoint.
A vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. The issue stems from external control of file name or path.
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open a specified URL.
The ASUS AI Suite 3 driver contains a vulnerability due to improper validation of specified quantity in input, allowing a local user to bypass security and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. The product is unsupported (UNSUPPORTED WHEN ASSIGNED).
The ASUS AI Suite 3 driver lacks proper validation of specified quantity in input, allowing a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.

