CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-1239
High

The Ninja Forms plugin for WordPress is vulnerable to unauthorized data access due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to and including 3.14.1. This allows unauthenticated attackers to view form submissions, which may contain sensitive information.

CVE-2026-14193
High

The vulnerability in the DVP80ES300T device is caused by improper validation of an array index, which could allow an attacker to execute code or cause a system crash.

CVE-2026-12579
High

The AS228T device contains an authentication bypass vulnerability. An attacker can gain unauthorized access to the system without knowing valid credentials.

CVE-2026-11887
Medium

The Salon Booking System WordPress plugin before version 10.30.20 lacks proper authorization checks on one of its AJAX actions, allowing any authenticated user (e.g., a subscriber) to modify a plugin setting and bypass manual approval of new bookings.

CVE-2026-11883
High

The WebAuthn Provider for Two Factor WordPress plugin before version 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

CVE-2026-11880
Low

The Fluent Forms WordPress plugin before version 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with low privileges to cancel subscriptions belonging to other users.

CVE-2026-11823
High

The BookingPress Appointment Booking Pro plugin for WordPress up to version 5.7.1 is vulnerable to SQL Injection via the 'store_service_date' parameter in the bpa_assign_staffmember_to_slots() function. This is due to the use of stripslashes_deep() on POST data without using $wpdb->prepare(), allowing unauthenticated attackers to append additional SQL queries.

CVE-2026-11794
High

The Advanced Form Integration plugin for WordPress before version 2.1.1 does not restrict the WordPress role assigned when creating a user from a public form submission. This allows unauthenticated visitors to create an administrator account if an active integration maps the user role to a public form field, requiring a specific non-default configuration.

CVE-2026-11570
Medium

The User Submitted Posts WordPress plugin before version 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting vulnerability. This can be triggered by unauthenticated users when a non-default display option is enabled.

CVE-2026-11568
High

The Product Configurator for WooCommerce WordPress plugin before version 1.7.3 lacks authorization and post-status checks when returning WooCommerce product data via a public AJAX action. This allows unauthenticated users to retrieve data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft products by supplying the product ID, bypassing WordPress post-visibility controls.

CVE-2026-11562
Medium

The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.

CVE-2026-10750
High

The Royal MCP WordPress plugin before version 1.4.26 does not perform capability checks on most of its MCP tools after token authentication, allowing authenticated users with low-privileged roles such as Subscriber to read private content, enumerate all users and their roles, and create, modify, or delete content owned by other users.

CVE-2025-15666
Medium

A heap-based buffer overflow vulnerability was found in Open Asset Import Library Assimp up to version 5.4.3 in the Assimp::SceneCombiner::Copy function. Manipulating width/height arguments triggers the overflow.

CVE-2026-9107
Medium

The Kali Forms plugin for WordPress up to version 2.4.13 is vulnerable to Stored XSS via the 'meta[kaliforms_field_components]' parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts that execute when a user visits the compromised page.

CVE-2026-7840
CriticalEPSS 65%

UltraVNC repeater up to version 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB (WI_RXBUFSIZE = 153600), so an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) can overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals. The overflow occurs before any authentication check, making it reachable without credentials. A remote, unauthenticated attacker can achieve arbitrary code execution on the host running the repeater.

CVE-2026-7839
Critical

UltraVNC repeater up to version 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. On first run, when settings2.txt is absent, it writes the password "adminadmi2" for the admin user. The Basic-auth handler lacks rate-limiting or lockout, allowing a remote attacker to easily gain full control of the repeater configuration.

CVE-2026-7838
HighEPSS 63%

UltraVNC viewer up to version 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. The 4-byte reasonLen field (CARD32) is passed as reasonLen+1 to CheckBufferSize(), where a value of 0xFFFFFFFF overflows to 0, allocating only 256 bytes, followed by reading 4 GiB into that buffer. This is reachable without authentication via rfbConnFailed and rfbVncAuthFailed message types.

CVE-2026-7831
High

UltraVNC viewer up to version 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. When the server supplies a desktop name of exactly 2024 bytes, ReadString writes a null terminator one byte past the allocated buffer, causing a stack overflow.

CVE-2026-7830
High

UltraVNC up to version 1.8.2.2 uses weak cryptography in the MS-Logon II authentication scheme. The Diffie-Hellman key exchange relies on 64-bit parameters that can be broken in under a second, and the random number generator based on rand() with a time seed allows private key recovery within a minute. A network attacker can derive the shared DH key and decrypt the username and password.

CVE-2026-7829
High

A post-authentication out-of-bounds write vulnerability in UltraVNC repeater through version 1.8.2.2 exists in the allow/deny rule parser. The code writes a NUL terminator without clamping the length to the destination buffer size, potentially corrupting stack data.

PreviousPage 58 of 4504Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS