CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The EPDS and EDS systems do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in.
The EPDS and EDS systems expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address.
Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering unrestricted HTTP requests to external URLs. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information.
A flaw in 389 Directory Server causes the attr_syntax_swap_ht() function to unconditionally free attribute syntax information nodes during schema reload, bypassing the refcount-based deferred deletion. If an administrator triggers schema reload while concurrent LDAP queries are active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
GeoServer prior to versions 2.26.4 and 2.27.3 may allow an attacker to perform unauthenticated Server-Side Request Forgery (SSRF) using `ENTITY_RESOLUTION_ALLOWLIST`. This requires GeoServer to be configured to use a proxy base URL without a path or ending with a slash.
CVE-2026-56009 describes an improper neutralization of input during web page generation in Bricksable for Bricks Builder, allowing for Stored XSS attacks.
CVE-2026-56007 describes an improper neutralization of input during web page generation in OceanWP Ocean Product Sharing, leading to Stored XSS vulnerabilities.
UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, allowing attackers to execute arbitrary JavaScript in the context of a victim's browser.
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing.
A path traversal vulnerability in handling the 'path' component of .repo files in libzypp before version 17.38.13 in the 17.x series, or before 16.22.19, could allow attackers to fill directories on the system outside of the zypp cache with content.
CVE-2026-42490 vulnerability relates to the way the system acquires a lock for guest management operations in a Xen environment. When using XSM/Flask, the lock acquisition may occur before permission checks, creating a risk of unauthorized access.
CVE-2026-42489 concerns the lack of fairness in the way system-wide locks are acquired during domctl operations, which may lead to issues with parallel execution of these operations.
The vulnerability in Docker Sandboxes (sbx) is that the ICMP egress block is applied only at network creation time and is not re-applied to networks rebuilt from disk after a Docker daemon restart. Consequently, a sandbox that survives a restart can forward ICMP to arbitrary hosts.
The firmware of the V380 IP camera from Shenzhen Liandian Communication Technology LTD has a vulnerability related to a broken authorization boundary in the RTSP media delivery pipeline. This allows unauthenticated network actors to bypass the authentication process and directly access the live video stream.
A vulnerability in Docker Sandboxes (sbx) allows bypassing the HTTP/S-only egress allowlist via DNS tunneling. The embedded DNS server forwards queries to the host resolver without policy enforcement, enabling untrusted workloads to exfiltrate data encoded in DNS labels.
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to and including 1.0 due to insufficient input sanitization and output escaping.
8cc is vulnerable to an Out-of-Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation.
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'alwaysauto' shortcode attribute in all versions up to and including 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes.
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server.

