CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-13211
Medium

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the 'Service' or 'Admin' role.

CVE-2026-12480
Medium

A vulnerability in Keras versions up to and including 3.13.2 allows arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The issue stems from missing checks of the `dataset.is_virtual` property in `H5IOStore._verify_dataset()` and `file_editor.py` methods. An attacker can craft a malicious `.keras` model or `.h5` weights file with a Virtual Dataset (VDS) referencing external HDF5 files.

CVE-2026-8480
Medium

A vulnerability in Stormshield Network Security allows authentication using a revoked client certificate on the captive-admin portal. An attacker possessing such a certificate can gain administrative access.

CVE-2026-58033
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Actions/InfoAction.php file.

CVE-2026-58032
Medium

A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.

CVE-2026-58030
Medium

An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.

CVE-2026-58029
Medium

A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58027
Medium

A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.

CVE-2026-58025
Medium

Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58024
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-24266
Medium

NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation could lead to denial of service.

CVE-2026-6686
Medium

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This can lead to data disclosure.

CVE-2026-6685
Medium

A vulnerability in FatFs R0.16 and earlier allows bypassing dirty-cache consistency checks via unsigned-subtraction wrap in f_read() and f_write() during interleaved read/write operations on fragmented filesystems.

CVE-2026-6684
Medium

A vulnerability in FatFs prior to R0.16, using GPT scanning with 'FF_LBA64 = 1', causes an infinite loop during filesystem mounting. The issue stems from an unbounded loop count derived from the GPTH_PtNum field in the GPT header, leading to extremely long or infinite mount times.

CVE-2026-6683
Medium

FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic. Crafted metadata can cause n_fatent - 2 to be zero during write/sync operations, leading to a system crash.

CVE-2026-6283
Medium

A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc. The flaw is caused by improper input neutralization during web page generation, allowing injection of malicious scripts.

CVE-2026-5220
Medium

A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc., due to improper input neutralization during web page generation. The issue affects versions from 4.8.2.23 up to 4.8.3.0.

CVE-2026-5142
Medium

A flaw was found in Foreman where authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments.

CVE-2026-5138
Medium

A cross-tenant information disclosure vulnerability was found in Foreman. An authenticated user with host-edit permissions can bypass authorization checks and leak sensitive infrastructure metadata from unauthorized organizations and locations.

CVE-2026-5135
Medium

A flaw was found in Foreman where a broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorization checks.

PreviousPage 12 of 485Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS