CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network due to incorrect authorization.
A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.
A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
An improper access control vulnerability in Azure Synapse allows an authorized attacker to elevate privileges over a network. The issue affects authorization mechanisms in Microsoft's analytics service.
In Libreswan, the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa() incorrectly verifies the DER encoding of the ASN.1 digest when processing IKEv2 AUTH payloads using RSASSA-PKCS1-v1_5. A remote attacker can exploit a Bleichenbacher-style attack to forge the AUTH payload when small public exponents (e.g., e=3) are used, leading to impersonation. Additionally, encoding a shorter-than-expected hash in the AUTH payload can trigger an assertion causing denial-of-service.
In Libreswan, the function RSA_authenticate_hash_signature_raw_rsa() did not properly verify the length of the authentication hash when processing IKEv1 packets with PKCS #1 RSA Encryption (RFC 2313). A remote attacker can use a variation of the Bleichenbacher attack to forge the SIG payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, sending a shorter-than-expected hash in the SIG payload can trigger an assertion and daemon restart, causing denial of service.
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart due to an off-by-one error in the PASSERT assertion. Continued exploitation leads to denial of service. IKEv1 is not affected.
The react-native-receive-sharing-intent library contains a path traversal vulnerability that allows a malicious app to write files outside the intended cache directory by supplying a crafted _display_name value with dot-dot path components. An attacker can send an ACTION_SEND intent to the exported share-receiver activity to overwrite arbitrary files in the app's private data directory, including databases, shared preferences, and cached configuration.
A vulnerability in fast-mcp-telegram before version 0.19.1 allows a remote HTTP client to bypass authentication by manipulating the session file path. The Bearer token validation does not reject path separators or normalize the path before checking if the session file exists, enabling a token like '../fast-mcp-telegram/telegram' to authenticate as the default legacy session.
A vulnerability in the UTT nv518G router running firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_445C5C component.
A buffer overflow vulnerability in UTT nv518G router firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_444C8C component.
A buffer overflow vulnerability in the UTT nv518G router running firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_487330 component.
A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead//sub_497498 component to cause a denial of service (DoS).
Notepad3 up to version 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the user's context when the About dialog is opened.
An out-of-bounds read vulnerability was found in the GCS_MAVLink library of ArduPilot up to version Plane-4.6.3, specifically in the GCS_MAVLINK::handle_serial_control() function.
A vulnerability in pdfcpu up to version 0.11.1 causes a denial-of-service (DoS) via uncontrolled recursion in the PDF parser. The ParseObjectContext() and parseArray() functions in parse.go recursively process nested PDF objects without enforcing a maximum nesting depth.
A vulnerability in the Ruby WEBrick library (up to version 1.9.2) re-parses the trailer Content-Length header into the canonical request state, enabling request smuggling attacks.
A vulnerability in ntopng up to version 6.6 allows predictable HTTP session identifiers, leading to session hijacking. Session IDs are generated using weak time-seeded pseudo-randomness, enabling an attacker to predict or collide session cookies.
Forgejo before version 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers. The attack involves setting a full name with an HTML payload and triggering an Actions run, leading to script injection when the page is rendered.
AutoBangumi before version 3.2.8 contains a server-side request forgery (SSRF) vulnerability. Unauthenticated remote attackers can probe internal network services by supplying arbitrary host values to an unprotected setup endpoint.

