CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-59868
Medium

A vulnerability in HCL Traveler for Microsoft Outlook (HTMO) allows unauthorized access to sensitive application data, which could be exploited by an attacker to launch further attacks and cause unexpected application behavior.

CVE-2023-37524
High

HCL Traveler for Microsoft Outlook (HTMO) is vulnerable due to the use of .NET Framework 4.5, which has reached end-of-life and no longer receives security updates. This may expose the application to publicly known security weaknesses through vulnerable third-party components.

CVE-2026-56414
High

A vulnerability in H.View IP cameras allows authenticated users to upload arbitrary files to fixed filesystem locations without validating file type, structure, or size. This can place unexpected or malformed data in trusted certificate storage areas, affecting system integrity even after reboot.

CVE-2026-55975
High

A vulnerability in H.View IP cameras allows an authenticated user to inject unsanitized XML data into the certificate generation interface. This data is incorporated into a backend certificate creation command without proper validation, potentially leading to code execution with elevated privileges.

CVE-2026-33560
High

The DMP-5000 file service exposes authenticated arbitrary file upload functionality without validation. No file extension filtering or content inspection is enforced, allowing executable binaries and scripts to be accepted and written directly to the server.

CVE-2026-31928
High

DMP-5000 devices are shipped with a default administrative web account that has weak authentication controls and is not required to be changed during initial setup or operation. Using these accounts provides full system access.

CVE-2026-28701
CriticalEPSS 53%

A vulnerability in Daktronics Controller Firmware allows remote users (both authenticated and unauthenticated) to escape the intended directory and enumerate arbitrary file system paths.

CVE-2026-55069
High

A vulnerability in the BasicAuth component of Kestra OSS before version 1.3.24 allows an attacker with read access to the PostgreSQL database to recover the administrator password offline due to SHA-512's high computation speed. In Kubernetes deployments, this enables privilege escalation to read the cluster ServiceAccount token and all K8s Secrets.

CVE-2026-53577
Medium

In Kestra prior to versions 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to read output files from any other execution within the same tenant, bypassing execution-level and namespace-level isolation.

CVE-2026-53576
Critical

In Kestra before versions 1.0.45 and 1.3.21, the REST API authentication filter bypasses credential checks for requests ending in '/configs'. An unauthenticated attacker can exploit this to create flows with Shell or Process tasks that execute as root inside the container, and via the mounted /var/run/docker.sock gain access to the host Docker daemon.

CVE-2026-50767
Medium

A stored cross-site scripting (XSS) vulnerability in Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with admin privileges to inject arbitrary scripts via the item type check-in message field.

CVE-2026-50766
Medium

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

CVE-2026-50765
Medium

A stored cross-site scripting (XSS) vulnerability was discovered in the patron restriction type administration page of Koha Library Management System versions 0 through 25.11. It allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field).

CVE-2026-49984
High

In Kestra before versions 1.0.45 and 1.3.23, the local internal-storage backend improperly validates user-supplied paths, allowing an attacker to smuggle a traversal sequence using backslashes (..\..\..\) before conversion to forward slashes. An authenticated user with the lowest privilege can read any file on the server filesystem, including the H2 database, stored secrets, and credentials.

CVE-2026-49869
Critical

In Kestra OSS prior to versions 1.0.45 and 1.3.21, the AuthenticationFilter uses request.getPath().endsWith("/configs") to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match, any API path whose last segment is configs bypasses authentication entirely. An unauthenticated remote attacker can exploit this to create and execute arbitrary workflows without credentials.

CVE-2026-45807
High

In Kestra before versions 1.0.43 and 1.3.19, several API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard only inspects the literal URI.toString(), so a URL-encoded .. written as %2E%2E slips through. The downstream code then calls URI.getPath(), which decodes %2E%2E back to .., and the resulting path is handed to Paths.get(...) without normalization. The OS resolves the .. segments at open(2) time, so an authenticated user with a single execution can read any file the Kestra process has access to on the host filesystem (/etc/passwd, mounted secrets, other tenants' execution outputs, etc.).

CVE-2026-38571
Medium

In the unauthenticated UART debug console of the Tenda N300 F3 (V603) router, WPA2 credentials are stored and exposed in cleartext, and the rr/wr memory read/write commands lack authentication. A physically proximate attacker can obtain these credentials and arbitrarily read or write memory via the serial port.

CVE-2026-36908
Medium

A stack overflow vulnerability was found in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 before version 1.8.9. Attackers can exploit this by providing a crafted MP4 file, causing a Denial of Service (DoS).

CVE-2026-36907
Medium

A stack overflow vulnerability in the AP4_StsdAtom::AP4_StsdAtom component of Bento4 before version 1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

CVE-2026-36478
High

A vulnerability in Technitium DNS Server version 14.3 and earlier allows a remote attacker to cause a denial of service (DoS) via the DnsServerApp.exe, DnsServerApp.dll, and TechnitiumLibrary.Net/Dns/DnsClient.cs components.

PreviousPage 114 of 4496Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS