CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-8175
Critical

IBM Aspera High-Speed Transfer Endpoint w wersjach od 3.7.4 do 4.4.7 Fix Pack 1 oraz IBM Aspera High-Speed Transfer Server w tych samych wersjach są podatne na przepełnienie bufora w komponencie asperahttpd. Ta podatność może być wykorzystana do wywołania odmowy usługi oraz potencjalnie prowadzić do obejścia uwierzytelniania lub zdalnego wykonania kodu.

CVE-2026-7876
Critical

IBM Aspera HSTS for CP4I versions 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may exploit this vulnerability to access files in the server's local storage that they should not have access to when specific restriction settings are not in place.

CVE-2026-7524
Critical

IBM Langflow OSS w wersjach od 1.0.0 do 1.9.1 może umożliwiać zdalne wykonanie kodu z powodu niewłaściwej walidacji linków symbolicznych podczas ekstrakcji archiwów.

CVE-2026-46043
Critical

A vulnerability has been identified in the Linux kernel within the rxe_rcv function, which improperly validates the packet length before calculating the payload size. An attacker could exploit this to trigger an underflow error, potentially leading to security issues.

CVE-2026-46039
Critical

In the Linux kernel, a potential integer overflow in the rxgk_extract_token() function when checking the length of the ticket has been fixed. Instead of rounding up the value to be tested, the size of the available data is rounded down.

CVE-2026-45988
Critical

A vulnerability related to the re-decryption of RESPONSE packets has been fixed in the Linux kernel. If a RESPONSE packet encounters a temporary failure during processing, it may end up in a partially decrypted state and be requeued for retry.

CVE-2026-45972
Critical

In the Linux kernel, a vulnerability was found in the smb2_open_file() function of the SMB client. Failing to zero out @err_iov and @err_buftype pointers before retrying SMB2_open() can lead to a use-after-free (UAF) or double free when @data is not NULL.

CVE-2026-45898
Critical

In the Linux kernel RDMA/iwcm subsystem, a vulnerability causes workqueue list corruption. The issue stems from the incorrect assumption that queue_work() would not enqueue work if already pending, while each free list entry is unique. This leads to processing multiple entries in a single run, freeing and reusing them, resulting in list corruption and kernel panic.

CVE-2026-35090
Critical

In Slican telephone exchanges, it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID, allowing them to bypass admin authentication and gain full access to the service protocol and configuration panel.

CVE-2026-35087
Critical

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.

CVE-2026-42761
Critical

CVE-2026-42761 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in the Active Products Tables for WooCommerce plugin in versions from n/a to 1.0.9.

CVE-2026-42758
Critical

CVE-2026-42758 describes an incorrect privilege assignment vulnerability in WebinarIgnition that allows privilege escalation. This issue affects WebinarIgnition from n/a through below 4.08.253.

CVE-2026-42757
Critical

CVE-2026-42757 describes an improper limitation of a pathname to a restricted directory, leading to a 'Path Traversal' vulnerability in the WebinarIgnition application. This issue affects versions from n/a to below 4.08.253.

CVE-2026-42756
Critical

The 'Path Traversal' vulnerability in Ludwig You QuickWebP has an improper limitation of a pathname to a restricted directory, allowing unauthorized access to files. This issue affects QuickWebP versions from n/a through 3.2.7.

CVE-2026-42755
Critical

CVE-2026-42755 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in RealMag777 TableOn versions from n/a to 1.0.5.1.

CVE-2026-42748
Critical

The vulnerability in WPify Woo Czech allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This issue affects WPify Woo Czech from n/a through 5.4.1.

CVE-2026-42747
Critical

CVE-2026-42747 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in Easy Form Builder. This issue affects versions from n/a through 4.0.6.

CVE-2026-42740
Critical

CVE-2026-42740 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the Tainacan system. This issue affects Tainacan versions from n/a through 1.0.3.

CVE-2026-42731
Critical

CVE-2026-42731 describes an incorrect privilege assignment vulnerability in miniOrange OTP Verification that allows privilege escalation. This issue affects versions from n/a through 5.4.9 inclusive.

CVE-2026-42727
Critical

CVE-2026-42727 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in the Active Products Tables for WooCommerce plugin in versions from n/a to 1.0.8.

PreviousPage 63 of 557Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS