CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
There is a broken access control issue in Genemy versions <= 1.6.6 that may allow unauthorized subscribers to access resources.
HCL ZIE for Web is affected by an unrestricted file upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution by uploading a web shell.
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed.
A vulnerability has been identified in the Netskope Client for Windows that allows a malicious insider with admin privileges to bypass NSClient Tamper protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys.
A vulnerability has been identified in the Netskope Client for Windows systems that allows a malicious insider with administrative privileges to tamper with the client IOCTL by sending crafted requests to the driver. A successful exploit can lead to bypassing all anti-tampering protections for NSClient.
Metro Magazine by Rara Themes has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.
AliNext has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 3.3.5.
CVE-2024-35690 describes a vulnerability where sensitive information can be inserted into sent data in MarketingFire Widget Options, allowing retrieval of embedded sensitive data.
CSRF vulnerability in Andy Moyle's Emergency Password Reset allows Cross-Site Request Forgery. This issue affects versions from n/a through 8.0.
CVE-2024-34810 describes a Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP, allowing for CSRF attacks. This affects Skyline WP versions from n/a through 1.0.10.
A missing authorization vulnerability in Avirtum iPages Flipbook allows exploiting incorrectly configured access control security levels.
Startupzy has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.
Inisev Social Media & Share Icons has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.
Missing Authorization vulnerability in Shareaholic allows exploiting incorrectly configured access control security levels. This issue affects Shareaholic from n/a through 9.7.11.
Vulnerability in LangGraph Python SDK (versions up to 0.3.14) due to unsafe URL path construction from unsanitized caller-supplied identifiers. Identifiers with special URL characters can cause HTTP requests to target different resources, potentially leading to unauthorized access, modification, or deletion.
Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (component: Integration and Interfaces). Affects version 9.2.38. Allows a high-privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data and access all accessible data.
Vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) in version 7.2.8 allows a high privileged attacker to gain access to the system, potentially compromising Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code) allows a low privileged attacker with network access to compromise MySQL Shell. Successful attacks can lead to unauthorized access to critical data or complete access to all MySQL Shell accessible data.
A vulnerability in the MySQL Shell product of Oracle MySQL allows an unauthenticated attacker with network access to compromise MySQL Shell. Human interaction is required, increasing the risk of unauthorized access to critical data.
A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox runs. Attacks may significantly impact additional products, leading to unauthorized access to critical data.

