CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-57518
High

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to assign arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution.

CVE-2026-57231
High

Podman from version 1.8.1 to 5.8.4 contains a vulnerability where a container image with an environment variable consisting only of a key (no value) can trick Podman into passing that variable from the host into the container. Using an asterisk (*) as the key causes all host environment variables to be passed, allowing a malicious image to exfiltrate Podman environment variables from the session where the container is launched.

CVE-2026-56823
Medium

A vulnerability in AutoGPT allows an authenticated user to access the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint without verifying that the webhook belongs to them. An attacker can confirm webhook existence, leak the OAuth provider type, and in some cases trigger a ping delivery on behalf of another user.

CVE-2026-56663
High

In AutoGPT before version 0.6.52, an authenticated user can bypass SSRF protections and access internal network services. The _is_ip_blocked() function does not normalize IPv4-mapped IPv6 addresses or block special ranges like 100.64.0.0/10 (CGNAT).

CVE-2026-55686
Medium

A vulnerability in Podman from version 3.0.0 to 5.7.1 allows, by running a malicious container image where the WORKDIR path contains a symlink, to create a directory or modify ownership on the host filesystem. Ownership modification is less likely as it requires help from an untrusted process to trigger a race condition.

CVE-2026-55677
High

Echo, a Go web framework, has a vulnerability due to a mismatch in URL path decoding between the router and the static file handler. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an attacker to bypass route-level access controls and read static files without authorization.

CVE-2026-54636
Critical

A vulnerability in Dokku prior to version 0.38.7 allows escape from a Docker container via special shell characters in cron commands in the app.json file. An attacker can execute arbitrary commands on the host as the Dokku user.

CVE-2026-48529
Medium

GitHub MCP Server versions 0.22.0 through 1.1.2, when running in HTTP mode with --lockdown-mode enabled, uses a process-global singleton RepoAccessCache initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL queries are executed using the first user's credentials.

CVE-2026-45408
Critical

A vulnerability in Dokku before version 0.38.2 allows remote code execution by an authenticated user. The app name validation permits shell metacharacters, which are then embedded unquoted into a git hook script, enabling arbitrary command execution as the dokku user.

CVE-2026-45407
Medium

In Dokku prior to version 0.38.2, the git:auth command creates the $DOKKU_ROOT/.netrc file using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory.

CVE-2026-45406
Critical

Dokku before version 0.38.2 contains a vulnerability in the openresty-vhosts plugin that allows arbitrary command execution on the host as the dokku user. The issue stems from improper interpolation of filenames from the app's openresty/http-includes/ git repository directory into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution.

CVE-2026-45405
Critical

A vulnerability in Dokku prior to version 0.38.2 allows an attacker to write arbitrary files on the system by exploiting the git:from-archive and certs:add commands. The attacker can supply a crafted tar/zip archive containing symbolic links, which enables overwriting the ~/.ssh/authorized_keys file and gaining unrestricted shell access.

CVE-2026-28385
Medium

In LXD versions 4.12 through 6.9, an SSRF vulnerability in the image import functionality allows authenticated users with can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. The LXD daemon fails to validate outbound destination IP addresses, enabling connections to loopback, RFC1918 private ranges, and cloud metadata endpoints.

CVE-2026-13434
Medium

A flaw in KubeVirt's network annotation generator allows a tenant with kubevirt.io:edit permissions to inject JSON into the v1.multus-cni.io/default-network annotation due to missing validation. When the ExternalNetResourceInjection feature gate is enabled (off by default), Multus can attach the pod to any network in any namespace.

CVE-2026-11779
Medium

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

CVE-2025-32423
Medium

In AutoGPT prior to version 0.6.32, there is a DoS vulnerability in the ExtractTextInformationBlock. A malicious user can send 10 KB of content, causing the server to consume 50 GB of memory, leading to resource exhaustion and denial of service.

CVE-2025-32394
Medium

In AutoGPT before version 0.6.32, there is a DoS vulnerability in the AITextSummarizerBlock. A malicious user can send 10 KB of content, causing the server to consume 50 GB of memory, leading to resource exhaustion and denial of service.

CVE-2026-9640
High

A privilege escalation vulnerability in LXD versions 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 allows bypassing project-restriction policies during snapshot restoration. An authenticated project operator can import a malicious instance backup with restricted configuration keys in a snapshot, which are applied without validation upon restoration.

CVE-2026-9639
Medium

A nil-pointer dereference vulnerability exists in LXD up to versions 6.8 and 5.21 on Linux in the CreateCustomVolumeFromBackup function. An authenticated user with can_create_storage_volumes permissions can cause a denial of service (DoS) by submitting a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

CVE-2026-5757
High

An unauthenticated remote attacker can read and exfiltrate the heap memory of the Ollama server through the model quantization engine, leading to sensitive data exposure.

PreviousPage 120 of 4513Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS