CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
This CVE has been rejected and should not be used. The candidate number was issued in error, and all references and descriptions have been removed to prevent accidental usage.
A stack-based buffer overflow vulnerability in the web management interface of TP-Link TL-WR841N v14 allows an authenticated remote attacker to crash the device by sending a crafted HTTP request. Successful exploitation leads to a denial-of-service condition, causing the device to crash and automatically reboot.
In Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10, users with the Project Owner role can exploit improper privilege handling to escalate their privileges.
In Snowflake CLI versions prior to 3.19, sensitive credentials (passwords, tokens, private keys) were written in plaintext to local debug log files. An attacker with read access to these logs could steal authentication data.
A vulnerability in Snowflake CLI prior to version 3.19 allows arbitrary code execution due to improper neutralization in the Snowpark annotation processor callback template. An attacker can supply crafted project content that is interpolated into generated Python code, causing the CLI to execute attacker-controlled code in the local user context.
A vulnerability in Snowflake CLI prior to version 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary.
Snowflake CLI versions prior to 3.19 contain a vulnerability due to improper neutralization of local CLI parameters, allowing unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing unintended SQL execution in the context of the user's Snowflake session.
A vulnerability in Snowflake CLI prior to version 3.19 allowed unintended SQL execution by supplying crafted repository, project configuration, manifest data, or specification input. An attacker could execute arbitrary SQL in the context of the victim's Snowflake session.
A vulnerability in Honeywell IQ MultiAccess (versions up to and including 28) stems from improper digital signature verification. It allows an attacker to replace a downloaded file with a malicious one.
In PcapPlusPlus 25.05, the function parse_by_block_type in light_pcapng.c is vulnerable to a heap-based buffer overflow. An attacker can remotely exploit this by manipulating the captured_packet_length argument, though the attack complexity is high and exploitation is difficult.
A buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formUSBFolder function of the /goform/formUSBFolder file. Manipulation of the ShareName/SelectName arguments in a POST request can cause a buffer overflow, enabling remote attack. The exploit has been publicly disclosed and may be used.
A buffer overflow vulnerability has been found in Edimax EW-7478APC version 1.04 in the formUSBAccount function of the /goform/formUSBAccount file. An attacker can remotely manipulate the UserName/Password arguments, causing a buffer overflow. The exploit has been published and may be used.
A vulnerability was found in Edimax EW-7478APC 1.04, involving OS command injection in the formStaDrvSetup function via the rootAPmac argument. The attack is remotely exploitable and the exploit is publicly available.
A buffer overflow vulnerability has been detected in the Edimax EW-7478APC version 1.04 in the formQoS function of the /goform/formQoS file. An attacker can remotely manipulate the selSSID argument, leading to a buffer overflow. The exploit has been publicly disclosed and may be used.
In Devolutions PowerShell Universal 2026.2.0, a vulnerability was found involving the insertion of sensitive information into sent data in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable authentication tokens with potentially higher privileges, which are serialized in plaintext in job API responses.
CVE-2026-57525 has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.
This CVE has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.
The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.
The Japanized For WooCommerce plugin version 2.9.12 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
The Business Directory plugin version 6.4.23 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

