CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-48943
Medium

A mass-assignment vulnerability in K2 ≤ 2.24 exists in the `plg_user_k2` system user plugin. A registered Joomla user can, by including the `K2UserForm=1` field in a standard `com_users` `profile.save` POST request, write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table, which are not exposed by the K2 frontend profile-edit form.

CVE-2026-48942
Medium

K2 version 2.26 and earlier renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

CVE-2026-48941
Medium

A vulnerability in the K2 component for Joomla! allows an unauthenticated attacker to delete arbitrary directories via the `sigProFolder` parameter in the `item.checkin` task. The attacker can exploit this flaw to remove gallery directories under `/media/k2/galleries/`.

CVE-2026-6432
Medium

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

CVE-2026-57587
Medium

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

CVE-2026-57536
Medium

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57437
Medium

Vulnerability in the Nokogiri library for Ruby (versions prior to 1.19.4) causes Nokogiri::XML::XPathContext to not keep its source document alive for garbage collection. If an XPathContext outlives its document and the document is collected, evaluating an XPath expression could read invalid memory and potentially segfault.

CVE-2026-57436
Medium

Vulnerability in the Nokogiri library for Ruby allows setting a DTD node as the document root, leading to a heap use-after-free during garbage collection or finalization, resulting in invalid memory read or potential segfault.

CVE-2026-49319
Medium

The Remote Keyless Entry System (RKES) using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD. is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly, resulting in a successful lock or unlock operation of the vehicle.

CVE-2026-13225
Medium

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.

CVE-2026-13223
Medium

The payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-13222
Medium

The payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57619
Medium

The Elementor Website Builder plugin version 4.1.3 and earlier contains a contributor sensitive data exposure vulnerability. This flaw may allow an attacker to access confidential information stored by the plugin.

CVE-2026-57429
Medium

The Slim SEO plugin versions up to 4.6.2 contain a vulnerability involving broken access control for contributors. A user with the contributor role can gain unauthorized access to SEO management functions.

CVE-2026-56050
Medium

The PPOM for WooCommerce plugin contains an Improper Access Control vulnerability, allowing exploitation of incorrectly configured access control security levels. This issue affects versions from n/a through 33.0.18.

CVE-2026-56023
Medium

The UPI QR Code Payment Gateway for WooCommerce plugin version 1.6.2 and earlier contains a broken access control vulnerability. This allows unauthorized users to manipulate the payment process.

CVE-2026-56013
Medium

The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.

CVE-2026-52690
Medium

The vulnerability allows spoofing replies to a Recursor, which may mark an IP address of an authoritative server as not supporting EDNS. As a result, validation of DNSSEC records served by that server may fail.

CVE-2026-4526
Medium

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network.

CVE-2026-47154
Medium

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries, resulting in process termination. These messages must come from a device that has already joined the network.

PreviousPage 43 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS