CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-54998
High

A vulnerability in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network due to incorrect authorization.

CVE-2026-45499
Critical

A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.

CVE-2026-41106
Critical

A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26145
Medium

An improper access control vulnerability in Azure Synapse allows an authorized attacker to elevate privileges over a network. The issue affects authorization mechanisms in Microsoft's analytics service.

CVE-2026-50722
High

In Libreswan, the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa() incorrectly verifies the DER encoding of the ASN.1 digest when processing IKEv2 AUTH payloads using RSASSA-PKCS1-v1_5. A remote attacker can exploit a Bleichenbacher-style attack to forge the AUTH payload when small public exponents (e.g., e=3) are used, leading to impersonation. Additionally, encoding a shorter-than-expected hash in the AUTH payload can trigger an assertion causing denial-of-service.

CVE-2026-50721
High

In Libreswan, the function RSA_authenticate_hash_signature_raw_rsa() did not properly verify the length of the authentication hash when processing IKEv1 packets with PKCS #1 RSA Encryption (RFC 2313). A remote attacker can use a variation of the Bleichenbacher attack to forge the SIG payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, sending a shorter-than-expected hash in the SIG payload can trigger an assertion and daemon restart, causing denial of service.

CVE-2026-12413
High

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart due to an off-by-one error in the PASSERT assertion. Continued exploitation leads to denial of service. IKEv1 is not affected.

CVE-2026-58460
High

The react-native-receive-sharing-intent library contains a path traversal vulnerability that allows a malicious app to write files outside the intended cache directory by supplying a crafted _display_name value with dot-dot path components. An attacker can send an ACTION_SEND intent to the exported share-receiver activity to overwrite arbitrary files in the app's private data directory, including databases, shared preferences, and cached configuration.

CVE-2026-52830
Critical

A vulnerability in fast-mcp-telegram before version 0.19.1 allows a remote HTTP client to bypass authentication by manipulating the session file path. The Bearer token validation does not reject path separators or normalize the path before checking if the session file exists, enabling a token like '../fast-mcp-telegram/telegram' to authenticate as the default legacy session.

CVE-2026-52192
Low risk· EPSS 10%

A vulnerability in the UTT nv518G router running firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_445C5C component.

CVE-2026-52191
Low risk· EPSS 13%

A buffer overflow vulnerability in UTT nv518G router firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_444C8C component.

CVE-2026-52189
Low risk· EPSS 13%

A buffer overflow vulnerability in the UTT nv518G router running firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_487330 component.

CVE-2026-52188
Low risk· EPSS 13%

A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead//sub_497498 component to cause a denial of service (DoS).

CVE-2026-38972
Low risk· EPSS 8%

Notepad3 up to version 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the user's context when the About dialog is opened.

CVE-2026-38971
Low risk· EPSS 6%

An out-of-bounds read vulnerability was found in the GCS_MAVLink library of ArduPilot up to version Plane-4.6.3, specifically in the GCS_MAVLINK::handle_serial_control() function.

CVE-2026-38970
Low risk· EPSS 7%

A vulnerability in pdfcpu up to version 0.11.1 causes a denial-of-service (DoS) via uncontrolled recursion in the PDF parser. The ParseObjectContext() and parseArray() functions in parse.go recursively process nested PDF objects without enforcing a maximum nesting depth.

CVE-2026-38969
Low risk· EPSS 6%

A vulnerability in the Ruby WEBrick library (up to version 1.9.2) re-parses the trailer Content-Length header into the canonical request state, enabling request smuggling attacks.

CVE-2026-38968
Low risk· EPSS 5%

A vulnerability in ntopng up to version 6.6 allows predictable HTTP session identifiers, leading to session hijacking. Session IDs are generated using weak time-seeded pseudo-randomness, enabling an attacker to predict or collide session cookies.

CVE-2026-59102
Medium

Forgejo before version 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers. The attack involves setting a full name with an HTML payload and triggering an Actions run, leading to script injection when the page is rendered.

CVE-2026-59101
Medium

AutoBangumi before version 3.2.8 contains a server-side request forgery (SSRF) vulnerability. Unauthenticated remote attackers can probe internal network services by supplying arbitrary host values to an unprotected setup endpoint.

PreviousPage 14 of 4450Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS