CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Boruta, an authorization server, prior to version 0.9.1, sets session cookies and the 'remember me' cookie without the Secure attribute. In HTTP connections, an attacker could intercept these cookies, leading to the ability to impersonate the user.
A path traversal vulnerability in Keras versions prior to 3.14.0 affects archive extraction utilities. The validation functions check paths against the current working directory (CWD) instead of the actual extraction destination, allowing bypass in environments like Docker, CI/CD, or Jupyter where CWD is '/', leading to arbitrary file writes.
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process.
GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user could have added unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. An attacker in the same local network can read arbitrary files from the server's operating system by manipulating HTTP request paths.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, this could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request parsing middleware.
GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with the Owner role could take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with developer-role permissions could execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.
A vulnerability in vLLM versions 0.8.0 and later allows a DoS attack via memory exhaustion. The `VideoMediaIO.load_base64()` method does not limit the number of video frames when processing `video/jpeg` data URLs, enabling an attacker to send a request with thousands of encoded frames, causing server crash.
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request.
CVE-2023-33999 describes improper neutralization of input during web page generation, leading to a 'cross-site scripting' (XSS) vulnerability in the WPVibes WP Mail Log plugin. This issue affects versions from n/a to 1.0.2.
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can cause security annotations to be ignored at runtime if used for authorization decisions.
A vulnerability in Spring for GraphQL allows Cross-Site WebSocket Hijacking, where an attacker can trick an authenticated user into visiting a malicious page. This enables arbitrary GraphQL operations to be executed with the victim's credentials.
Spring for GraphQL is vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes.
A vulnerability in Spring WS allows outbound connections to unverified addresses when non-anonymous ReplyTo or FaultTo addresses are used. This may lead to unauthorized access to external resources.
CVE-2026-40998 affects the Jaxp13XPathTemplate component, which evaluates XPath expressions for StreamSource and SAXSource inputs using the default DocumentBuilderFactory behavior of the JDK. This could lead to XML External Entity (XXE) attacks in applications processing untrusted XML data.
Wss4jSecurityInterceptor incorrectly initializes its BSP compliance flag, leading to the disabling of BSP enforcement for RequestData. Services validating WS-Security on the network may accept messages that violate BSP rules.
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.
The UpdraftPlus: WP Backup & Migration Plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.26.4. This is due to insufficient validation of the remote communications message format, allowing signature verification to be bypassed.
In ImageMagick, prior to versions 6.9.13-50 and 7.1.2-25, the ICON decoder contains an incorrect loop that can lead to an out-of-bounds heap write, resulting in a crash.

