CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-47281
Critical

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-45657
Critical

A use after free vulnerability in Windows Kernel allows an unauthorized attacker to execute code over a network.

CVE-2026-45602
Critical

A vulnerability in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

CVE-2026-44815
Critical

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42904
Critical

A heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-38615
Critical

DedeCMS version 5.7.118 is vulnerable to Command Execution in file_manage_control.php.

CVE-2026-34182
Critical

Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.

CVE-2026-26142
CriticalEPSS 78%

A deserialization of untrusted data vulnerability in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

CVE-2026-8025
Critical

CVE-2026-8025 describes an improper neutralization of special elements used in SQL commands, leading to SQL Injection vulnerability in the CBS Platform by MOSK Information Technologies Ltd.

CVE-2026-25089
CriticalEPSS 76%

Fortinet FortiSandbox has a vulnerability due to improper neutralization of special elements in OS commands, allowing unauthenticated attackers to execute unauthorized commands via specially crafted HTTP requests.

CVE-2026-10523
CriticalEPSS 99%

CVE-2026-10523 in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 contains an authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access.

CVE-2026-10520
CriticalActively exploitedEPSS 98%

CVE-2026-10520 is an OS Command Injection vulnerability in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.

CVE-2026-7486
Critical

There is an SQL injection vulnerability in Netcad Software Inc. E-İmar due to improper neutralization of special elements used in SQL commands. This issue affects E-İmar from version 2.10.1.0 to before 3.0.2.

CVE-2026-46325
Critical

A vulnerability has been identified in the Linux kernel regarding the iova-to-va conversion for memory region page sizes different from PAGE_SIZE. This flaw leads to incorrect handling of memory regions, potentially resulting in erroneous virtual addresses.

CVE-2026-46316
Critical

A vulnerability was found in the Linux kernel's KVM for ARM64, specifically in the VGIC-ITS translation cache. The cache invalidation function can drop the same reference multiple times when called concurrently from different contexts, leading to a premature object release.

CVE-2017-20251
Critical

The Insert PHP plugin for WordPress versions before 3.3.1 contains a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API.

CVE-2026-10731
Critical

CVE-2026-10731 describes an SQL injection vulnerability in the 'two_steps_auth_code' parameter processed by the 'twoStepsAuthVerification' function within the '/user-login' endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queries on the backend database.

CVE-2025-10263
Critical

A vulnerability in ARM processors allows writes to resources owned by a higher exception level. It affects a wide range of chips including Cortex-A, Neoverse, and C1 series.

CVE-2009-10007
Critical

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. The plugin does not automatically change the session id after authentication, allowing an attacker to impersonate the victim.

CVE-2026-9698
Critical

A vulnerability in the DBI library for Perl before version 1.648 causes a buffer overflow when saving error messages. The issue occurs when RaiseError, PrintError, or HandleError options are enabled, and an attacker can influence the error text.

PreviousPage 42 of 552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS