CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The Groundhogg plugin for WordPress (CRM, newsletters, and marketing automation) in versions up to and including 4.5.5 is vulnerable to generic SQL injection via the 'search' parameter. This is due to insufficient escaping of user-supplied input and lack of proper preparation of SQL queries.
The Ivory Search WordPress plugin up to version 5.5.15 is vulnerable to stored XSS via the 'menu_title' and 'menu_magnifier_color' settings due to insufficient input sanitization and output escaping.
A vulnerability in HCL Traveler for Microsoft Outlook (HTMO) allows unauthorized access to sensitive application data, which could be exploited by an attacker to launch further attacks and cause unexpected application behavior.
In Kestra prior to versions 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to read output files from any other execution within the same tenant, bypassing execution-level and namespace-level isolation.
A stored cross-site scripting (XSS) vulnerability in Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with admin privileges to inject arbitrary scripts via the item type check-in message field.
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).
A stored cross-site scripting (XSS) vulnerability was discovered in the patron restriction type administration page of Koha Library Management System versions 0 through 25.11. It allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field).
In the unauthenticated UART debug console of the Tenda N300 F3 (V603) router, WPA2 credentials are stored and exposed in cleartext, and the rr/wr memory read/write commands lack authentication. A physically proximate attacker can obtain these credentials and arbitrarily read or write memory via the serial port.
A stack overflow vulnerability was found in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 before version 1.8.9. Attackers can exploit this by providing a crafted MP4 file, causing a Denial of Service (DoS).
A stack overflow vulnerability in the AP4_StsdAtom::AP4_StsdAtom component of Bento4 before version 1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
In Notepad++ prior to 8.9.6.4, a TOCTOU vulnerability exists in handling shortcuts.xml. The HMAC check occurs at command execution time, but the command payload is taken from memory that is not synchronized with the disk file. An attacker can swap the file before launch and restore it afterward, allowing malicious commands to execute.
Notepad++ prior to version 8.9.6.1 contains a vulnerability in handling WM_COPYDATA messages. A local process in the same Windows session can send a malformed message that does not enforce data length checking, potentially leading to a buffer overflow.
The vulnerability in Lansweeper lsrunase 2.0 and lsencrypt 2.0 uses RC4 encryption with a hardcoded 142-byte static key. An 8-character prefix is stored in cleartext alongside the ciphertext, allowing a local attacker to recover any encrypted password to plaintext without brute force.
HCL Traveler for Microsoft Outlook libraries are being falsely flagged as potentially malicious software or an unrecognized application. This may prevent installation or execution of the software by security systems.
In RustFS version 1.0.0-beta.7 and earlier, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. The validate_admin_request call is missing, allowing restricted users to read sensitive cluster-wide operational data.
In the Linux kernel, the MANA network driver (Microsoft Azure Network Adapter) had a vulnerability due to incorrect debugfs directory naming. The previous approach used a hardcoded "0" for Physical Functions (PFs) and pci_slot_name() for Virtual Functions (VFs), leading to race conditions and potential memory leaks. The fix replaces these with the unique BDF identifier returned by pci_name().
A vulnerability in the Linux kernel's DSA (Distributed Switch Architecture) drivers causes a deadlock when running ethtool operations on the conduit (master) interface. The issue stems from redundant netdev_lock_ops calls in DSA wrappers, leading to system hang.
In the Linux kernel's io_uring/napi subsystem, there was no cap on the maximum NAPI polling time, potentially causing task hangs and kernel preemption complaints. A 10 ms limit was added to prevent these issues.
In the Linux kernel, a vulnerability was found in the nilfs2 filesystem where the nilfs_ioctl_mark_blocks_dirty() function fails to reject a zero bd_oblocknr value. An attacker can send a crafted ioctl request with bd_oblocknr set to 0, bypassing the dead block check and calling nilfs_bmap_mark() on a non-existent block, triggering a WARN_ON and potentially causing system disruption.
In the Linux kernel, the WARN_ON_ONCE in wbt_init_enable_default() was removed because it triggered false alarms on expected memory allocation or writeback throttling registration failures. The disk simply operates without throttling, which is harmless.

