CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-11589
High

The WP Support Plus Responsive Ticket System WordPress plugin through version 9.1.2 fails to properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.

CVE-2026-58302
High

A vulnerability in the rtapi_app component of the linuxcnc-uspace package in LinuxCNC before version 2.9.9 allows privilege escalation. The program is installed SUID root and loads shared library modules via dlopen() using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library, and because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

CVE-2026-12243
High

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` only checks for literal `../` sequences but fails to account for percent-encoded traversal sequences such as `..%2f`. The `url2pathname()` function decodes these sequences after validation, allowing an attacker to bypass the protection.

CVE-2026-8023
High

A vulnerability in Zephyr's HTTP server allows reading files outside the configured root directory. An attacker can send a GET request with ../ sequences in the URL path, bypassing access restrictions for static files.

CVE-2026-7656
High

A logic error in IPv6 Neighbor Discovery handlers in Zephyr RTOS causes incorrect operator precedence, bypassing critical checks (Hop Limit == 255, link-local source, multicast sanity). An adjacent or potentially remote attacker can inject forged RA, NS, and NA packets that are accepted.

CVE-2026-51221
High

A buffer overflow vulnerability in the Get_Attribute_List function of EIPStackGroup OpENer (commit 76b95c) allows an attacker to cause a Denial of Service (DoS) by sending a crafted Common Packet Format (CPF) packet.

CVE-2026-34592
High

In Coolify prior to version 4.0.0-beta.471, server and project lookups are not scoped to the current team. An authenticated user can access servers and projects belonging to other teams by specifying their IDs directly.

CVE-2026-55957
High

A missing critical step in authentication was found in Apache Tomcat's JNDIRealm when configured to use GSSAPI. Attackers can authenticate without providing the correct password.

CVE-2026-53404
High

An Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve causes subsequent non-OR conditions to be skipped if the first condition in an OR chain matches.

CVE-2026-41896
High

In Coolify prior to 4.0.0-beta.474, the HMAC key for GitHub webhooks can be null, causing an empty string to be used as the key. An attacker can compute a valid signature and trigger unauthorized deployments.

CVE-2026-34597
High

In Coolify prior to 4.0.0-beta.470, a critical authenticated remote code execution (RCE) vulnerability was found. The flaw is in the handling of the install_command parameter, which is directly concatenated into a shell command during Nixpacks build, allowing arbitrary command execution on the host.

CVE-2026-34594
HighEPSS 61%

In Coolify prior to version 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with network management permissions to execute arbitrary commands as root on managed servers. The "network" parameter is passed directly to shell commands without sanitization, enabling full remote code execution.

CVE-2026-57919
High

A vulnerability in PBackupVSS.exe in Matrix42 Empirum before version 25.5 and 26.x before 26.2 creates a named pipe with overly permissive DACL. An authenticated low-privileged attacker can connect to this pipe and send crafted IPC messages, leading to arbitrary command execution with SYSTEM privileges.

CVE-2026-56018
High

A vulnerability in JavaScript::Minifier::XS for Perl before version 0.16 causes memory leaks on every call to minify(). The cleanup function only frees NodeSet structures but not per-token content buffers, leading to unbounded memory growth.

CVE-2026-56017
High

A vulnerability in JavaScript::Minifier::XS before version 0.16 for Perl causes a crash via NULL pointer dereference when the first meaningful token of the input is a slash. The issue occurs in the JsTokenizeString function during regexp versus division disambiguation.

CVE-2026-53426
High

A vulnerability in the MDEx library for Elixir/Erlang allows exhaustion of the atom table by processing a specially crafted JSON document. The json_to_node/1 function creates new atoms for each unique node_type value, which are never garbage collected, leading to a crash of the entire BEAM virtual machine.

CVE-2026-43735
High

A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was fixed with improved checks in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

CVE-2026-43731
High

A use-after-free vulnerability was found in Safari and Apple systems (iOS, iPadOS, macOS) that could lead to memory corruption when processing maliciously crafted web content. The issue was fixed with improved memory management.

CVE-2026-43725
High

A vulnerability in Safari and Apple systems allows a malicious website to process restricted web content outside the sandbox. The issue was fixed with improved input validation.

CVE-2026-43724
High

A vulnerability in Apple systems allows an app to cause unexpected system termination or write to kernel memory. The issue was addressed with improved input sanitization.

PreviousPage 35 of 3339Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS