CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12937
High

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress plugin is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to and including 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

CVE-2026-9702
High

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer, allowing unauthenticated attackers to silently redirect the shipping destination of WooCommerce orders.

CVE-2026-5305
High

The Email Address Encoder WordPress plugin before 1.0.25 and email-encoder-premium WordPress plugin before 0.3.12 do not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks.

CVE-2026-12490
High

A vulnerability in the DNS system allows bypassing client certificate authentication for zone transfers (XFR) when using provide-xfr with tls-auth-name. If the request comes via TLS on the standard TLS port (not the tls-auth port) or via plain TCP on the standard port, the server does not require a client certificate, even if the provide-xfr rule specifies one.

CVE-2026-12246
High

In NSD version 4.14.0, a bug was introduced where a specially crafted APL RR with an adflength larger than permitted for the address family overwrites the stack when the zone is written to disk, with a maximum of 111 attacker-controlled bytes.

CVE-2026-12245
High

In NSD from version 4.13.0, a heap use-after-free bug was found in logging errors on TLS connections. The vulnerability causes a crash of the server process, which can be easily triggered by sending a DNS query over a DoT connection and closing the connection without reading the response.

CVE-2026-12244
High

A vulnerability in NSD allows an attacker acting as a primary server for a zone to cause a heap overflow by sending an AXFR response containing a specially crafted SVCB record with an rdata size of 65512 bytes. This causes a uint16_t variable used for memory allocation to wrap, leading to a write beyond the allocated buffer.

CVE-2026-13311
High

The vulnerability in shell-quote before version 1.8.5 causes the parse() function to run in O(n^2) time relative to the number of input tokens. An attacker can supply a crafted string that blocks the single-threaded Node.js event loop for an extended period, leading to denial of service (DoS).

CVE-2026-12053
High

In GitLab EE, a vulnerability was found that under certain conditions could allow a user to access sensitive information already committed to a project. The issue was due to insufficient output filtering in Duo Workflows.

CVE-2026-10712
High

A vulnerability in GitLab CE/EE allows an unauthenticated attacker to execute arbitrary JavaScript in a user's browser session due to improper path validation. Affects versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1.

CVE-2026-10086
High

An issue was discovered in GitLab EE where improper sanitization of user-supplied input could allow an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session.

CVE-2026-12077
High

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to and including 5.0.4 due to insufficient escaping and lack of proper query preparation.

CVE-2026-8666
High

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

CVE-2026-8665
High

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

CVE-2026-8660
High

The Ping plugin for Rapid7 InsightConnect on Linux is vulnerable to OS command injection. Remote attackers can execute arbitrary commands via the host parameter due to insufficient input validation when constructing shell commands.

CVE-2026-8592
High

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

CVE-2026-9155
HighEPSS 56%

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

CVE-2026-9154
High

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

CVE-2026-57589
High

In the OpenBSD kernel up to version 7.9, a use-after-free vulnerability exists in sys/kern/sysv_sem.c, allowing local privilege escalation to root. The issue occurs after a context switch following tsleep in sys_semget().

CVE-2026-9787
HighEPSS 69%

A vulnerability in Quest NetVault Backup allows remote code execution via command injection in the NVBULogDaemon process. The issue stems from improper validation of user-supplied data before using it in a system call, allowing an attacker to execute code in the SYSTEM context. Authentication is required, but the existing authentication mechanism can be bypassed.

PreviousPage 62 of 3344Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS