CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-45408
Critical

A vulnerability in Dokku before version 0.38.2 allows remote code execution by an authenticated user. The app name validation permits shell metacharacters, which are then embedded unquoted into a git hook script, enabling arbitrary command execution as the dokku user.

CVE-2026-45407
Medium

In Dokku prior to version 0.38.2, the git:auth command creates the $DOKKU_ROOT/.netrc file using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory.

CVE-2026-45406
Critical

Dokku before version 0.38.2 contains a vulnerability in the openresty-vhosts plugin that allows arbitrary command execution on the host as the dokku user. The issue stems from improper interpolation of filenames from the app's openresty/http-includes/ git repository directory into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution.

CVE-2026-45405
Critical

A vulnerability in Dokku prior to version 0.38.2 allows an attacker to write arbitrary files on the system by exploiting the git:from-archive and certs:add commands. The attacker can supply a crafted tar/zip archive containing symbolic links, which enables overwriting the ~/.ssh/authorized_keys file and gaining unrestricted shell access.

CVE-2026-28385
Medium

In LXD versions 4.12 through 6.9, an SSRF vulnerability in the image import functionality allows authenticated users with can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. The LXD daemon fails to validate outbound destination IP addresses, enabling connections to loopback, RFC1918 private ranges, and cloud metadata endpoints.

CVE-2026-13434
Medium

A flaw in KubeVirt's network annotation generator allows a tenant with kubevirt.io:edit permissions to inject JSON into the v1.multus-cni.io/default-network annotation due to missing validation. When the ExternalNetResourceInjection feature gate is enabled (off by default), Multus can attach the pod to any network in any namespace.

CVE-2026-11779
Medium

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

CVE-2025-32423
Medium

In AutoGPT prior to version 0.6.32, there is a DoS vulnerability in the ExtractTextInformationBlock. A malicious user can send 10 KB of content, causing the server to consume 50 GB of memory, leading to resource exhaustion and denial of service.

CVE-2025-32394
Medium

In AutoGPT before version 0.6.32, there is a DoS vulnerability in the AITextSummarizerBlock. A malicious user can send 10 KB of content, causing the server to consume 50 GB of memory, leading to resource exhaustion and denial of service.

CVE-2026-9640
High

A privilege escalation vulnerability in LXD versions 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 allows bypassing project-restriction policies during snapshot restoration. An authenticated project operator can import a malicious instance backup with restricted configuration keys in a snapshot, which are applied without validation upon restoration.

CVE-2026-9639
Medium

A nil-pointer dereference vulnerability exists in LXD up to versions 6.8 and 5.21 on Linux in the CreateCustomVolumeFromBackup function. An authenticated user with can_create_storage_volumes permissions can cause a denial of service (DoS) by submitting a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

CVE-2026-5757
High

An unauthenticated remote attacker can read and exfiltrate the heap memory of the Ollama server through the model quantization engine, leading to sensitive data exposure.

CVE-2026-47214
High

In Docling prior to version 2.94.0, unsafe URI and path handling was found in the HTML backend. This vulnerability could allow an attacker to perform unauthorized operations on files or network resources.

CVE-2026-45195
High

A vulnerability in kernel software running inside a Host VM allows sending improper commands to the GPU firmware, potentially causing memory read or write outside the permitted range. Addresses passed to the GPU firmware can be used to gain more privileged memory access than allowed by the system.

CVE-2026-44018
Medium

A vulnerability in the Docling library versions 2.45.0 through 2.91.0 involves missing security controls in XML parsing within the METS-GBS backend and input document format detection. An attacker can craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes.

CVE-2026-21734
High

A vulnerability in the GPU shader compiler allows an out-of-bounds write by loading a web page with specially crafted GPU shader code. This can cause a segmentation fault in the compiler under certain conditions.

CVE-2026-12411
High

A Broken Access Control vulnerability in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

CVE-2026-0828
High

The kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse the IOCTL path and terminate protected system processes.

CVE-2026-0685
Critical

Server side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

CVE-2025-11919
Critical

The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath, leading to arbitrary code execution during JVM startup.

PreviousPage 144 of 4542Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS