CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication for data streaming due to improper access control.
An improper access control vulnerability in UniFi Protect Application allows an attacker with network access to bypass authentication in certain API endpoints.
A Path Traversal vulnerability in self-hosted instances of UniFi Network Application allows an attacker with network access and high privileges to escalate write permissions on the host device.
A vulnerability in UniFi Network Application allows an attacker with network access to cause a Denial of Service (DoS) due to improper input validation.
An SQL Injection vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on affected UniFi OS devices or instances.
A Path Traversal vulnerability in devices running UniFi OS allows an attacker with network access to bypass authentication. The flaw affects specific UniFi OS devices or instances.
An SSRF vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on the device or instance.
An improper validation vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.
A vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to access privileged driver functions through a Minifilter communication port that lacks proper access restrictions.
A privilege escalation flaw in luci-app-travelmate and the travelmate package allows a session with UCI write ACL to set an arbitrary script and arguments, which are executed as root by the travelmate service. The UI restriction to /etc/travelmate/*.login is enforced only in the frontend.
The WPIDE – File Manager & Code Editor plugin version 3.5.6 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions in the context of the site administrator.
The WP EasyCart plugin for WordPress versions 5.9.0 and earlier contains a SQL injection vulnerability via the 'contributor' attribute. This allows an attacker to manipulate database queries.
The SEOWP plugin version 3.12.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick an administrator into performing unintended actions without their knowledge.
The ProfileGrid plugin version 5.9.9.7 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions without their knowledge.
The Permalink Manager for WooCommerce plugin version 1.0.8.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions without their knowledge.
The pCloud WP Backup plugin version 2.0.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick an administrator into performing unintended actions in the WordPress admin panel.
The nicen-localize-image plugin version 1.4.9 and earlier contains a SQL injection vulnerability in the Contributor component. This allows an attacker to manipulate database queries.
SQL Injection vulnerability in the Contributor component of iNET Webkit 1.2.4 allows an attacker to inject malicious SQL code into database queries.
The Heateor Social Login plugin version 1.1.39 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of an authenticated administrator.
The SportsPress Pro plugin version 2.7.29 and earlier contains a Contributor Local File Inclusion (LFI) vulnerability. This allows an attacker with contributor privileges to read sensitive files on the server.

