CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A symlink traversal vulnerability was found in the libacl library before version 2.4.0 in pathname-based functions. A local attacker can replace any pathname component with a symbolic link, leading to privilege escalation by manipulating access control lists.
FrontAccounting before version 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing parenthesis followed by malicious conditions to extract sensitive journal entry data through boolean-based blind SQL injection with reliable response size differentials.
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler. Authenticated attackers with SA_GLANALYTIC permission can inject malicious code into PARAM_2 and PARAM_3 POST parameters to execute arbitrary SQL queries.
FrontAccounting before version 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler. An authenticated attacker can inject UNION SELECT payloads into the PARAM_0 POST parameter, extracting arbitrary database data including usernames, password hashes, and email addresses, which are then rendered into PDF report output.
A path traversal vulnerability in FrontAccounting before version 2.4.20 allows authenticated attackers to achieve remote code execution by uploading files with traversal sequences in the unique_name parameter. Attackers can write a PHP file outside the attachments directory into the web root, leading to arbitrary code execution.
The vulnerability in fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fails to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The normalize() and equal() functions return values that differ from a WHATWG-compatible URL parser, allowing bypass of host-based security policies.
A cross-site scripting vulnerability was found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php. Manipulating the full_name argument in the user registration endpoint allows remote script execution. The exploit is publicly available.
A SQL injection vulnerability has been detected in EyouCMS up to version 1.7.1 in the /index.php file of the API component. An attacker can remotely manipulate the click_like argument, leading to SQL injection. The exploit has been publicly disclosed and may be used.
A vulnerability has been found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php of the User Registration Endpoint. Manipulation of the role argument leads to improper access controls, allowing remote exploitation.
A cross-site scripting vulnerability has been discovered in code-projects Online Music Site 1.0 in the file /Frontend/Feedback.php. Manipulation of the fname, femail, faddress, or fmessage arguments allows remote injection of malicious scripts.
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /preview3.php file. An attacker can remotely manipulate the course_year_section argument, leading to SQL injection. The exploit is publicly available.
In SourceCodester Class and Exam Timetabling System 1.0, the file /edit_class1.php is vulnerable to SQL injection via the ID argument. The attack can be performed remotely, and the exploit has been publicly disclosed.
A vulnerability in SzafirHost allows an attacker to inject a malicious native library into a JAR archive that is signed and verified. The signature verification uses a JarFile parser (reading the Central Directory), while extraction uses a JarInputStream parser (reading sequentially from local file headers). An attacker can insert a library entry between the last legitimate entry and the Central Directory, which is not seen by the signature verifier but is read and written by the extractor, leading to remote code execution.
A flaw was found in the vscode-java extension for Visual Studio Code, where it incorrectly trusts all Markdown content in JavaDoc hovers. A malicious Java file can hide commands, and if a user clicks a specially crafted link in a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands.
The vulnerability in the /v1/upload/sbom endpoint allows an unauthenticated attacker to inject fake log entries by manipulating the iss claim in a JWT token. Due to disabled JWT signature verification and literal newline rendering in the log format, the attacker can create entries indistinguishable from genuine successful authentication messages.
Multiple stack-based buffer overflows were discovered in the xmlcatalog utility of libxml2 when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. Supplying an overly long input line can overflow internal buffers (command, arg, and argv) during input parsing.
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. By decompressing a specially crafted LZW file followed by an LZH file in one gzip -d command, an attacker can poison the shared global state and trigger an out-of-bounds read in the LZH decoder.
GNU gzip has a vulnerability in the gzexe utility related to insecure temporary file handling. When mktemp is not available in the user's PATH, gzexe creates a temporary file with a predictable name based solely on the PID, without exclusive access or existence checks. A local attacker can pre-create this path as a symlink to an arbitrary writable file, causing a TOCTOU condition that allows arbitrary file overwrite.
A stack-based buffer overflow vulnerability was found in the formPPPoESetup function of the /goform/formPPPoESetup file in Edimax EW-7478APC version 1.04. An attacker can remotely manipulate the pppUserName argument, causing a buffer overflow. The exploit has been made public and could be used.
A stack-based buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formL2TPSetup function. An attacker can remotely manipulate the L2TPUserName argument, causing a buffer overflow. The exploit is public, and the vendor did not respond.

