CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the 'Service' or 'Admin' role.
A vulnerability in Keras versions up to and including 3.13.2 allows arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The issue stems from missing checks of the `dataset.is_virtual` property in `H5IOStore._verify_dataset()` and `file_editor.py` methods. An attacker can craft a malicious `.keras` model or `.h5` weights file with a Virtual Dataset (VDS) referencing external HDF5 files.
A vulnerability in Stormshield Network Security allows authentication using a revoked client certificate on the captive-admin portal. An attacker possessing such a certificate can gain administrative access.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Actions/InfoAction.php file.
A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.
An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.
A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.
Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation could lead to denial of service.
FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This can lead to data disclosure.
A vulnerability in FatFs R0.16 and earlier allows bypassing dirty-cache consistency checks via unsigned-subtraction wrap in f_read() and f_write() during interleaved read/write operations on fragmented filesystems.
A vulnerability in FatFs prior to R0.16, using GPT scanning with 'FF_LBA64 = 1', causes an infinite loop during filesystem mounting. The issue stems from an unbounded loop count derived from the GPTH_PtNum field in the GPT header, leading to extremely long or infinite mount times.
FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic. Crafted metadata can cause n_fatent - 2 to be zero during write/sync operations, leading to a system crash.
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc. The flaw is caused by improper input neutralization during web page generation, allowing injection of malicious scripts.
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc., due to improper input neutralization during web page generation. The issue affects versions from 4.8.2.23 up to 4.8.3.0.
A flaw was found in Foreman where authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments.
A cross-tenant information disclosure vulnerability was found in Foreman. An authenticated user with host-edit permissions can bypass authorization checks and leak sensitive infrastructure metadata from unauthorized organizations and locations.
A flaw was found in Foreman where a broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorization checks.

