CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-24228
High

The NVIDIA NeMo Framework for Linux contains a vulnerability that allows an attacker to deserialize untrusted data. A successful exploit may lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24155
High

The NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2026-10649
High

A flaw was found in Pacemaker where an integer overflow in the remote message decompression process allows an unauthenticated attacker to send a crafted compressed message before authentication. This causes memory corruption and a denial of service (DoS) in the CIB remote listener, leading to service crash.

CVE-2025-71261
High

An attacker with network-level access between SUSE Virtualization and Rancher Manager in SUSE Harvester before version 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

CVE-2024-38487
High

The api-gateway container running with root privileges allows an attacker to escape the container and access the host system to perform unintended actions.

CVE-2024-24909
High

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges.

CVE-2026-48780
High

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments.

CVE-2026-47684
High

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. In versions prior to 2.3.0, the regex used in the URL download feature for blocking private IP addresses does not match IPv4-mapped IPv6 addresses, allowing SSRF protection to be bypassed on dual-stack systems.

CVE-2026-12398
HighEPSS 55%

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names into shell commands executed via subprocess.run() with shell=True. An authenticated user controlling a git repository can create a branch or tag with shell metacharacters to achieve remote code execution on the pulp worker.

CVE-2026-11317
High

A denial of service issue exists in the affected product due to a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected.

CVE-2026-0647
High

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint.

CVE-2026-0646
High

A denial-of-service issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.

CVE-2025-14272
High

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.

CVE-2025-11694
High

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attackers to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

CVE-2026-12328
High

Memory safety bugs were found in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, potentially allowing arbitrary code execution. The vulnerabilities were fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12327
High

Memory safety bugs exist in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially be exploited to run arbitrary code.

CVE-2026-12326
High

Memory safety bugs were found in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption, which could potentially allow arbitrary code execution. The vulnerabilities were fixed in Firefox 152 and Thunderbird 152.

CVE-2026-12324
High

Incorrect boundary conditions in the Graphics: CanvasWebGL component may lead to unexpected application behavior. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12318
High

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

CVE-2026-12317
High

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Thunderbird 152 as well.

PreviousPage 116 of 3345Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS