CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-46752
Critical

Vulnerability in the cjson library in Apache Kvrocks causing Lua HEAP overflow. Affects versions from 2.0.4 to 2.15.0.

CVE-2026-41566
Critical

CVE-2026-41566 involves improper handling of insufficient permissions in Apache Kvrocks version 2.8.0. This issue has been fixed in version 2.16.0.

CVE-2026-40079
CriticalEPSS 62%

Cacti versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function in lib/rrd.php, which returns the command unchanged. The rrdtool_function_graph() function passes the built command to shell_exec() through this ineffective function, and the risk is that text_format values from graph templates (which may contain host variable substitutions) reach shell_exec() without adequate escaping.

CVE-2026-39955
Critical

Cacti versions 1.2.30 and prior contain a pre-authentication SQL injection vulnerability via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.

CVE-2026-39948
Critical

In Cacti versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() instead of gfrv() with FILTER_VALIDATE_IS_REGEX validation and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php. These files are reachable pre-authentication through graph_view.php on installations with guest graph viewing enabled. Because the unbalanced-quote payload bypasses the regex validation that would otherwise reject it, an unauthenticated attacker can inject arbitrary SQL to compromise the confidentiality, integrity, and availability of the database.

CVE-2026-39938
Critical

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.

CVE-2026-55666
Critical

In Rocket.Chat prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in loginHandler.ts, handleIdentityToken parses a JWT from Apple during OAuth. If the JWT lacks an email, the app accepts an arbitrary email from the request, enabling account takeover.

CVE-2026-55570
Critical

SiYuan is an open-source personal knowledge management system that prior to version 3.7.0 did not escape untrusted fields (name, version, author, description) when serialized into the data-obj HTML attribute of each marketplace card. As a result, a package containing a single quote could inject arbitrary HTML, escalating from DOM XSS to arbitrary OS command execution.

CVE-2026-55455
Critical

Appsmith before version 2.1 has a vulnerability due to insufficient IP address filtering in HTTP requests. The host blocking mechanism relies on an exact-match denylist rather than comprehensive address checks (e.g., loopback), allowing an authenticated user to send requests to loopback services inside the container.

CVE-2026-55454
Critical

In Appsmith before version 2.1, the bundled Caddy reverse-proxy exposes an unauthenticated admin API on port 2019 inside the container. A low-privileged authenticated user can exploit an SSRF vulnerability to send a POST /load request to this API, fully replacing the live Caddy configuration and taking over the reverse proxy.

CVE-2026-54158
Critical

A vulnerability in SiYuan before version 3.7.0 allows JavaScript injection via a crafted cell value in the attribute-view (database) renderer. An attacker with write access to a synced workspace can plant malicious content that executes arbitrary JavaScript when the victim opens the block-attribute panel. On Electron desktop with nodeIntegration enabled, this XSS can escalate to remote code execution (RCE) via require('child_process').

CVE-2026-54069
Critical

SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, allowing RoleAdministrator access to every installed browser extension without authentication.

CVE-2026-54067
Critical

SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, a CSS snippet body containing </style> breaks out of its surrounding <style> tag, allowing arbitrary JavaScript execution in the renderer. On Electron desktop builds, the renderer runs with nodeIntegration:true, enabling access to require('child_process') from the injected handler, leading to remote code execution (RCE).

CVE-2026-50551
Critical

SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, there is a stored cross-site scripting (XSS) vulnerability in the Attribute View asset cell renderer that can escalate to remote code execution (RCE) in the Electron desktop client.

CVE-2026-39893
Critical

In Cacti versions 1.2.30 and prior, the rfilter request variable was concatenated into an RLIKE SQL clause without sanitization. The vulnerability allows pre-auth SQL Injection (SQLi) if guest graph viewing is enabled. The issue was fixed in version 1.2.31.

CVE-2026-52813
CriticalEPSS 62%

Gogs before version 0.14.3 accepts organization names containing path traversal sequences (../), allowing repositories to be written to arbitrary filesystem locations. By creating nested Git repository structures, one can overwrite another repository's hooks configuration, leading to Remote Code Execution (RCE).

CVE-2026-52811
Critical

Gogs before version 0.14.3 contains a vulnerability due to improper symlink checking during multipart file upload. An attacker with repo-write access can use a filename containing a backslash to write arbitrary data outside the repository, e.g., to authorized_keys or a post-receive hook.

CVE-2026-52806
CriticalEPSS 59%

Gogs before version 0.14.3 allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the 'Rebase before merging' merge operation.

CVE-2026-46423
Critical

A vulnerability in Rocket.Chat before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 causes the SAML service provider implementation to silently skip SAML Response and Assertion signature validation when the configured IdP certificate field is empty. The verifySignatures routine performs an early return when serviceProviderOptions.cert is falsy, which is the default state of the setting.

CVE-2026-45689
Critical

An unauthenticated attacker can obtain a valid OAuth access token for any Rocket.Chat user by sending a single HTTP POST with MongoDB query operators to the /oauth/token endpoint. The OAuth2 server does not validate that grant parameters are strings, allowing substitution of values like {"$ne": null} and receiving an access token for the first matched user.

PreviousPage 15 of 552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS