CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-41121
High

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2026-13760
High

OS command injection vulnerability in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib. An attacker controlling dependency version strings in package.json can execute arbitrary commands on the CDK toolchain host via injected shell metacharacters.

CVE-2026-57736
High

An insertion of sensitive information into sent data vulnerability in HubSpot allows retrieval of embedded sensitive data. This issue affects HubSpot from n/a through 11.3.51.

CVE-2026-57723
High

A CSRF vulnerability in VikBooking Hotel Booking Engine & PMS allows an attacker to perform operations leading to Path Traversal. This issue affects all versions up to and including 1.8.12.

CVE-2026-54428
High

A vulnerability in the HTTP/2 HPACK decoder in Apache HttpComponents Core (versions 5.4.2 and earlier, 5.5-beta1 and earlier) allows a remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement applies the configured header list size limit.

CVE-2026-49091
High

CWE-117 vulnerability in Kibana allows injection of unsanitized data into logs. An attacker can supply specially crafted input that is written to log files without proper neutralization. When logs are viewed in a terminal that interprets control sequences, the injected content may alter the displayed log data.

CVE-2026-46680
High

In containerd prior to versions 1.7.32, 2.0.9, 2.2.4, and 2.3.1, containers with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This allows bypassing the Kubernetes runAsNonRoot restriction if a crafted image maps this large numeric string to root in /etc/passwd, causing the container to run as root (UID 0).

CVE-2026-58454
High

JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware 4.8.30.57701411 contain a remote code execution vulnerability. An authenticated attacker can write a malicious script to persistent JFFS2 storage and trigger execution via an HTTP endpoint, achieving persistent control over the device.

CVE-2026-58452
HighEPSS 82%

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability. An authenticated attacker can achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint.

CVE-2026-57516
High

Ray prior to version 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader. An attacker can achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers.

CVE-2026-54399
High

An uncontrolled resource consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (versions 5.4.2 and earlier, 5.5-beta1 and earlier) allows a remote attacker to cause a denial of service through memory exhaustion by sending messages with an excessive number of headers or excessive header length.

CVE-2026-20244
High

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) or other impacts due to memory corruption on an affected device. The issue stems from improper boundary checks during DMG scanning, leading to an integer overflow on 32-bit platforms only.

CVE-2026-20243
High

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks during ALZ file scanning, leading to an out-of-bounds buffer write.

CVE-2026-20217
High

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks in PESpin files during scanning, potentially leading to an out-of-bounds buffer write.

CVE-2026-20216
High

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This is due to improper handling of temporary resources during file scanning.

CVE-2026-20215
High

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other impacts from memory corruption. The issue is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write.

CVE-2026-20214
High

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks during FSG file scanning, leading to an out-of-bounds buffer write.

CVE-2026-20213
High

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other impacts, due to memory corruption. The issue stems from improper boundary checks in PE files, leading to an out-of-bounds buffer write.

CVE-2026-20191
HighEPSS 51%

A vulnerability in Cisco Catalyst Center allows an unauthenticated, remote attacker to read arbitrary files from a restricted container. The issue is due to insufficient validation of user-supplied input.

CVE-2026-24264
High

NVIDIA Triton Inference Server for Linux has a vulnerability involving improper handling of highly compressed data. An attacker could exploit this flaw, potentially leading to a denial of service (DoS).

PreviousPage 15 of 3321Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS