CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-69137
Medium

There is a broken access control issue in Genemy versions <= 1.6.6 that may allow unauthorized subscribers to access resources.

CVE-2025-59872
Medium

HCL ZIE for Web is affected by an unrestricted file upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution by uploading a web shell.

CVE-2025-48571
Medium

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2025-15642
Medium

A vulnerability has been identified in the Netskope Client for Windows that allows a malicious insider with admin privileges to bypass NSClient Tamper protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys.

CVE-2025-15641
Medium

A vulnerability has been identified in the Netskope Client for Windows systems that allows a malicious insider with administrative privileges to tamper with the client IOCTL by sending crafted requests to the driver. A successful exploit can lead to bypassing all anti-tampering protections for NSClient.

CVE-2024-37496
Medium

Metro Magazine by Rara Themes has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2024-37210
Medium

AliNext has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 3.3.5.

CVE-2024-35690
Medium

CVE-2024-35690 describes a vulnerability where sensitive information can be inserted into sent data in MarketingFire Widget Options, allowing retrieval of embedded sensitive data.

CVE-2024-35648
Medium

CSRF vulnerability in Andy Moyle's Emergency Password Reset allows Cross-Site Request Forgery. This issue affects versions from n/a through 8.0.

CVE-2024-34810
Medium

CVE-2024-34810 describes a Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP, allowing for CSRF attacks. This affects Skyline WP versions from n/a through 1.0.10.

CVE-2024-33909
Medium

A missing authorization vulnerability in Avirtum iPages Flipbook allows exploiting incorrectly configured access control security levels.

CVE-2024-33685
Medium

Startupzy has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2024-31435
Medium

Inisev Social Media & Share Icons has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2024-24709
Medium

Missing Authorization vulnerability in Shareaholic allows exploiting incorrectly configured access control security levels. This issue affects Shareaholic from n/a through 9.7.11.

CVE-2026-48776
Medium

Vulnerability in LangGraph Python SDK (versions up to 0.3.14) due to unsafe URL path construction from unsanitized caller-supplied identifiers. Identifiers with special URL characters can cause HTTP requests to target different resources, potentially leading to unauthorized access, modification, or deletion.

CVE-2026-46979
Medium

Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (component: Integration and Interfaces). Affects version 9.2.38. Allows a high-privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data and access all accessible data.

CVE-2026-46877
Medium

Vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) in version 7.2.8 allows a high privileged attacker to gain access to the system, potentially compromising Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.

CVE-2026-46871
Medium

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code) allows a low privileged attacker with network access to compromise MySQL Shell. Successful attacks can lead to unauthorized access to critical data or complete access to all MySQL Shell accessible data.

CVE-2026-46869
Medium

A vulnerability in the MySQL Shell product of Oracle MySQL allows an unauthenticated attacker with network access to compromise MySQL Shell. Human interaction is required, increasing the risk of unauthorized access to critical data.

CVE-2026-46825
Medium

A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox runs. Attacks may significantly impact additional products, leading to unauthorized access to critical data.

PreviousPage 94 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS