CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The NVIDIA NeMo Framework for Linux contains a vulnerability that allows an attacker to deserialize untrusted data. A successful exploit may lead to code execution, privilege escalation, data tampering, and information disclosure.
The NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
A flaw was found in Pacemaker where an integer overflow in the remote message decompression process allows an unauthenticated attacker to send a crafted compressed message before authentication. This causes memory corruption and a denial of service (DoS) in the CIB remote listener, leading to service crash.
An attacker with network-level access between SUSE Virtualization and Rancher Manager in SUSE Harvester before version 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
The api-gateway container running with root privileges allows an attacker to escape the container and access the host system to perform unintended actions.
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges.
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments.
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. In versions prior to 2.3.0, the regex used in the URL download feature for blocking private IP addresses does not match IPv4-mapped IPv6 addresses, allowing SSRF protection to be bypassed on dual-stack systems.
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names into shell commands executed via subprocess.run() with shell=True. An authenticated user controlling a git repository can create a branch or tag with shell metacharacters to achieve remote code execution on the pulp worker.
A denial of service issue exists in the affected product due to a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected.
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint.
A denial-of-service issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attackers to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
Memory safety bugs were found in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, potentially allowing arbitrary code execution. The vulnerabilities were fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Memory safety bugs exist in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially be exploited to run arbitrary code.
Memory safety bugs were found in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially allow arbitrary code execution. The vulnerabilities were fixed in Firefox 152 and Thunderbird 152.
Incorrect boundary conditions in the Graphics: CanvasWebGL component may lead to unexpected application behavior. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Thunderbird 152 as well.

