CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A use after free vulnerability in Windows Kernel allows an unauthorized attacker to execute code over a network.
A vulnerability in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
A heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
DedeCMS version 5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.
A deserialization of untrusted data vulnerability in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
CVE-2026-8025 describes an improper neutralization of special elements used in SQL commands, leading to SQL Injection vulnerability in the CBS Platform by MOSK Information Technologies Ltd.
Fortinet FortiSandbox has a vulnerability due to improper neutralization of special elements in OS commands, allowing unauthenticated attackers to execute unauthorized commands via specially crafted HTTP requests.
CVE-2026-10523 in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 contains an authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access.
CVE-2026-10520 is an OS Command Injection vulnerability in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.
There is an SQL injection vulnerability in Netcad Software Inc. E-İmar due to improper neutralization of special elements used in SQL commands. This issue affects E-İmar from version 2.10.1.0 to before 3.0.2.
A vulnerability has been identified in the Linux kernel regarding the iova-to-va conversion for memory region page sizes different from PAGE_SIZE. This flaw leads to incorrect handling of memory regions, potentially resulting in erroneous virtual addresses.
A vulnerability was found in the Linux kernel's KVM for ARM64, specifically in the VGIC-ITS translation cache. The cache invalidation function can drop the same reference multiple times when called concurrently from different contexts, leading to a premature object release.
The Insert PHP plugin for WordPress versions before 3.3.1 contains a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API.
CVE-2026-10731 describes an SQL injection vulnerability in the 'two_steps_auth_code' parameter processed by the 'twoStepsAuthVerification' function within the '/user-login' endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queries on the backend database.
A vulnerability in ARM processors allows writes to resources owned by a higher exception level. It affects a wide range of chips including Cortex-A, Neoverse, and C1 series.
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. The plugin does not automatically change the session id after authentication, allowing an attacker to impersonate the victim.
A vulnerability in the DBI library for Perl before version 1.648 causes a buffer overflow when saving error messages. The issue occurs when RaiseError, PrintError, or HandleError options are enabled, and an attacker can influence the error text.
A vulnerability in QuMagie has been reported that allows for authorization bypass through a user-controlled key. Remote attackers can exploit this vulnerability to gain unintended privileges.

