CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version_meta for any app_id.
Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature. After a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state, leading to repeated password-reset prompts.
Capgo before version 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs.
The vulnerability in GitHub Copilot and Visual Studio Code is caused by initializing a resource with an insecure default, allowing an unauthorized attacker to disclose information over a network.
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` to attach slice headers to a finished picture object that has no active image unit, resulting in attacker-controlled unbounded heap growth.
Kestra is an event-driven orchestration platform that, prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, had an issue with the `inputFiles` task. This allowed file names to be written directly in the task working directory, potentially leading to overwriting files outside of that directory.
A vulnerability in Microsoft Copilot allows an unauthorized attacker to perform command injection over a network. The issue stems from improper neutralization of special elements used in a command.
In the Mercator application prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in the CVE configuration panel. The `testProvider()` method in `ConfigurationController` does not validate user input, allowing authenticated users with the right permissions to force arbitrary outbound network requests.
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs, which can lead to the disclosure of HTML files outside the intended static tree.
In versions 1.0.0-preview.97 through 1.0.0-preview.101, the @microsoft/kiota-http-fetchlibrary incorrectly handles `Authorization` and `Cookie` headers in cross-origin redirects. The default `scrubSensitiveHeaders` function does not remove these headers, allowing them to be forwarded to malicious hosts.
Statamic is a Laravel and Git powered content management system. Prior to versions 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, potentially exposing sensitive information.
A vulnerability in Grafana Tempo allows an authenticated user to execute a TraceQL query with a large exemplars hint value, causing excessive memory allocation and crashing the Tempo instance due to out-of-memory.
A flaw was found in the AWX GitHub webhook integration. The controller stores the statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint.
The WP Go Maps – Most Popular Map Plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 10.1.01. This is due to improper verification of user authorization, allowing unauthenticated attackers to create arbitrary records in the plugin's database tables.
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, the library fetched the content of option values server-side, leading to the possibility of Server-Side Request Forgery attacks and local file disclosure.
Prior to version 1.22.1 of the libheif library, the uncompressed HEIF decoder incorrectly validated explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash.
The Joomla! Component Easy Shop version 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the appropriate parameters to access sensitive files.
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.
The GridTime 3000 GNSS Time Server contains an open redirect vulnerability in the password change form submission. An attacker can exploit this flaw to redirect users to a malicious site after a password change.
A cross-site scripting (XSS) vulnerability was found in the GridTime 3000 password reset form due to improper input neutralization during web page generation. The issue affects versions from 1.0r0.03 before 1.2r0.0.

