CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 1.6.8. The doctreat_process_registration() function does not properly restrict the roles that a user can register with.
The Schema & Structured Data for WP & AMP WordPress plugin before version 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library.
A buffer overflow vulnerability has been reported in File Station 5, which can be exploited by remote attackers to modify memory or crash processes.
A buffer overflow vulnerability has been reported in File Station 5, which can be exploited by remote attackers to modify memory or crash processes.
The vulnerability has been fixed in QTS version 5.2.7.3256 build 20250913 and later. QuTS hero is not affected by this vulnerability.
The esp_tee component in versions 5.5.4 and 6.0 of the ESF-IDF framework has a vulnerability that allows unauthorized access to secure hardware services. This issue has been patched in versions 5.5.5 and 6.0.1.
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction.
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Version 8.3 of the bookcars application contains an insecure authentication vulnerability in the /api/social-sign-in endpoint, allowing attackers to bypass authentication using a forged JWT token.
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
An issue was discovered in bitbank2 AnimatedGIF v2.2.0 related to a buffer overflow in the DecodeLZW function. This allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
The router from Shenzhen Kangda Xin Intelligent Network Technology, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
In FreeSWITCH prior to version 1.11.1, there is a vulnerability in the mod_verto HTTP request handler that leads to a heap buffer overflow. Due to improper buffer size limitation, an attacker can exploit this flaw to overflow the buffer by up to ~8 MiB.
In versions prior to 1.11.1, FreeSWITCH has a vulnerability in the esl_recv_event() function that does not validate the Content-Length value. A malicious user or man-in-the-middle attacker can send a frame with a negative Content-Length, potentially corrupting the heap or crashing the process.
Azure Stack Edge has a vulnerability that allows external control of file name or path, enabling an unauthorized attacker to execute code over a network.
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

