CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The Motors WordPress plugin before version 1.4.110 lacks proper authorization and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image, and product prices on WooCommerce sites.
The ultimate-woocommerce-auction-pro plugin for WordPress up to version 2.4.5 does not sanitize and escape a parameter before outputting it back on the page, leading to a Reflected Cross-Site Scripting vulnerability. This could be exploited against high privilege users such as admins.
The Pie Register WordPress plugin before version 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters.
In vulnerability CVE-2026-12822 in langflow-ai langflow up to version 1.9.3, a flaw was found in the Bundle URL Loader component. It allows code injection by a local attacker. The vendor did not respond to the disclosure.
A vulnerability CVE-2026-12821 was identified in FlowiseAI Flowise up to version 3.1.2, concerning an unknown function in the file packages/components/nodes/documentloaders/S3/S3.ts related to the S3 Document Loader component. Executing a manipulation can lead to path traversal.
A vulnerability has been found in coollabsio coolify version 4.0.0, affecting an unknown function of the Image Name Handler component. Manipulation of this function leads to OS command injection.
A flaw has been found in Comfast CF-WR631AX V3 up to version 2.7.0.8 affecting the system function of the file /cgi-bin/mbox-config?section=ping_config. Manipulation of the argument destination leads to remote OS command injection.
A vulnerability was detected in activepieces up to version 0.83.0, affecting the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the File URL Handler component. The manipulation results in server-side request forgery.
A weakness has been identified in kortix-ai suna up to version 0.8.38, affecting the function router.replace/router.push in the file apps/frontend/src/app/auth/page.tsx of the Auth Endpoint component. Manipulating the returnURL argument can lead to cross site scripting attacks.
A security flaw has been discovered in Edimax BR-6478AC V2 version 1.23, affecting the function mp of the file /goform/mp. Manipulating the argument command results in command injection, which can be performed remotely.
A vulnerability was identified in Edimax BR-6478AC V2 1.23, affecting the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect. Manipulation of the argument newpass leads to command injection.
A vulnerability was identified in Edimax BR-6478AC V2 version 1.23 that affects the function stainfo in the file /goform/stainfo. Manipulation of the argument interface leads to command injection, which can be executed remotely.
A vulnerability was found in Edimax BR-6478AC V2 1.23 affecting the setWAN function in the /goform/setWAN file. Manipulation of the pppUserName/pptpUserName/L2TPUserName arguments results in command injection.
A flaw has been found in OFFIS DCMTK up to version 3.7.0 in the function XMLNode::parseFile, which can lead to heap-based buffer overflow. The attack may be performed remotely.
A vulnerability was detected in lemonldap-ng up to version 2.23.0, affecting an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm. Manipulating the argument url results in an open redirect, which can be exploited remotely.
In libexpat before version 2.8.2, XML_TOK_DATA_CHARS is not considered in doCdataSection, leading to a lack of handler call depth tracking in cases of policy violation. This can result in a use-after-free error.
In libexpat before version 2.8.2, there is an integer overflow in the xmlwf function that can occur when processing NOTATION declarations in endDoctypeDecl.
In libexpat before version 2.8.2, there is an integer overflow in the resolveSystemId function, which may lead to unexpected application behavior.
In libexpat before version 2.8.2, there is an integer overflow for the output filename when the -d outputDir option is used.

