CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-47684
High

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. In versions prior to 2.3.0, the regex used in the URL download feature for blocking private IP addresses does not match IPv4-mapped IPv6 addresses, allowing SSRF protection to be bypassed on dual-stack systems.

CVE-2026-12398
HighEPSS 55%

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names into shell commands executed via subprocess.run() with shell=True. An authenticated user controlling a git repository can create a branch or tag with shell metacharacters to achieve remote code execution on the pulp worker.

CVE-2026-11317
High

A denial of service issue exists in the affected product due to a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected.

CVE-2026-0647
High

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint.

CVE-2026-0646
High

A denial-of-service issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.

CVE-2025-14272
High

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.

CVE-2025-11694
High

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attackers to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

CVE-2026-12327
High

Memory safety bugs exist in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially be exploited to run arbitrary code.

CVE-2026-12326
High

Memory safety bugs were found in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially allow arbitrary code execution. The vulnerabilities were fixed in Firefox 152 and Thunderbird 152.

CVE-2026-12324
High

Incorrect boundary conditions in the Graphics: CanvasWebGL component may lead to unexpected application behavior. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12318
High

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

CVE-2026-12317
High

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Thunderbird 152 as well.

CVE-2026-12314
High

A memory safety bug was fixed in Firefox 152. This vulnerability also affects Firefox ESR 140.12 and Thunderbird 152 and 140.12.

CVE-2026-12312
High

Memory safety bug fixed in Firefox 152. This vulnerability also affects Firefox ESR 140.12 and Thunderbird 152 and 140.12.

CVE-2026-12310
High

Memory safety bug fixed in Firefox 152. This vulnerability was also fixed in Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12305
High

A memory safety bug was fixed in Firefox 152. This vulnerability was also fixed in Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12225
High

The syracom AG Secure Login (2FA) plugin for Atlassian Jira, Confluence, and Bitbucket version 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid login credentials can bypass the two-factor authentication process by sending crafted HTTP requests with a specific User-Agent header.

CVE-2026-10829
High

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the 'Server location' parameter on the Basic settings page.

CVE-2026-8442
HighEPSS 52%

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. Missing authorization checks and insufficient path validation allow attackers to delete files on the server.

CVE-2026-8176
High

The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to and including 5.5.1. The plugin chains three independent flaws that allow an authenticated Agent (Agent+) to overwrite a WordPress Administrator's password without invoking an Administrator-only API.

PreviousPage 115 of 3341Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS