CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2025-55017
Critical

A Path Traversal vulnerability has been discovered in Apache IoTDB, allowing bypass of file path restrictions. The issue affects versions from 2.0.0 before 2.0.6 and from 1.0.0 before 1.3.6.

CVE-2026-57881
Critical

In GeoVision GV-LPC2011 and GV-LPC2211 devices version V1.12 and earlier, a stack-based buffer overflow vulnerability exists in the vlsvr component. An unauthenticated remote attacker can exploit this vulnerability by sending crafted login data with overly long input, leading to memory corruption, denial of service, or potentially remote code execution.

CVE-2026-57880
Critical

A stack-based buffer overflow vulnerability exists in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version V1.12 and earlier. The issue is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. An unauthenticated remote attacker can exploit this by sending a crafted RTSP request with overly long authentication data, leading to memory corruption, denial of service, or potentially arbitrary code execution.

CVE-2026-57879
Critical

A stack-based buffer overflow vulnerability exists in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version V1.12 and earlier. The issue is caused by insufficient bounds checking when processing RTSP custom authentication data. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted RTSP request, potentially leading to memory corruption, denial of service, or arbitrary code execution.

CVE-2026-57878
Critical

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

CVE-2026-48930
Critical

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

CVE-2026-40702
Critical

The vulnerability in WebSocket endpoints is due to the lack of proper authentication mechanisms, allowing attackers to impersonate charging stations. As a result, an attacker can gain unauthorized access to sensitive data or perform unauthorized actions.

CVE-2025-71338
Critical

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

CVE-2025-71336
Critical

Flowise before version 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature. An attacker can send a crafted JSON payload with the header 'x-request-from: internal' to the /api/v1/node-load-method/customMCP endpoint to execute arbitrary OS commands, leading to complete compromise of the platform container or server.

CVE-2025-71334
CriticalEPSS 54%

Flowise before version 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.

CVE-2025-71333
Critical

Flowise through version 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.

CVE-2025-71327
Critical

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

CVE-2026-56445
Critical

The vulnerability in the qrscp application consists of the C-STORE handler using a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.

CVE-2026-7531
Critical

Use-after-free vulnerability in PQC hybrid key-share handling. This is an incomplete fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

CVE-2026-57700
Critical

The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.

CVE-2026-56786
Critical

RTKLIB through version 2.4.3 contains an out-of-bounds write vulnerability in the decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.

CVE-2026-54917
Critical

SeaweedFS before version 4.30 has a vulnerability due to improper path cleaning in S3 and Iceberg REST catalog routers. An attacker can use '..' sequences in a request to bypass access controls and read or write data in any bucket.

CVE-2026-54089
Critical

File Browser is a file management interface that, starting from version 2.0.0-rc.1, allows unauthenticated attackers to impersonate users, including admins, by sending a forged HTTP header. No credentials are required to gain access.

CVE-2026-54088
Critical

File Browser prior to version 2.63.6 had a vulnerability in the Hook Authentication feature that allowed delegating login verification to an external shell command. User-supplied credentials were interpolated into this command string without sanitization, enabling remote attackers to execute arbitrary OS commands before any authentication.

CVE-2026-50549
Critical

Vulnerability in Cursor before version 3.0 allows a malicious agent to write files outside the workspace without user approval. The agent uses an in-workspace symlink pointing outside and forces path canonicalization to fail, resulting in writing to an arbitrary location. This enables non-sandboxed remote code execution, e.g., by overwriting the sandbox helper.

PreviousPage 13 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS