CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
In the openvm-pairing library prior to version 1.6.0, the try_honest_pairing_check function does not verify that the scaling factor s is in a proper subfield of Fp12, leading to incorrect pairing check results.
Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations could craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir.
JavaScript Cookie (js-cookie) prior to version 3.0.7 has a prototype pollution vulnerability in the internal assign() helper. An attacker can inject arbitrary cookie attributes such as domain, secure, samesite, expires, or path, overriding developer-intended restrictions.
In ImageMagick prior to versions 7.1.2.23 and 6.9.13-48, a missing check in the MIFF decoder allows a crafted file to cause an infinite loop, leading to CPU exhaustion.
In ImageMagick prior to versions 6.9.13-48 and 7.1.2-23, an out-of-bounds heap write vulnerability exists when reading multiple images with different dimensions. This issue has been fixed in the mentioned versions.
In versions prior to 16.2.6, the libp2p library allowed an unauthenticated remote peer to exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages. The keys of these messages bypassed all content validation.
Sharp, a content management framework for Laravel, prior to version 9.22.0, exposed a generic download endpoint that authorized access only to the supplied Sharp entity instance. An authenticated user could use this instance to download unrelated objects from Laravel storage disks.
In TDengine versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. The issue is fixed in version 3.4.1.6.
Fedify, a TypeScript library for building federated server apps powered by ActivityPub, has a vulnerability that allows an attacker to use JSON-LD features to restructure a JSON-LD document. This restructuring changes how Fedify interprets the document without altering its Linked Data Signature.
A vulnerability in GIMP allows remote code execution via a heap-based buffer overflow when parsing HDR files. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious page.
The kafka-python library prior to version 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling. A malicious or man-in-the-middle broker can supply an excessively large iteration count, freezing the client event loop.
Kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation.
A command injection vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. Exploitation requires access to the CLI or Web UI.
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator with CLI access to perform actions on the device with root privileges. The risk is significantly minimized when CLI access is restricted to a limited group of administrators and management interface access is limited to trusted internal IP addresses.
A privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent on Linux devices allows a local user to execute code with elevated privileges.
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management.
A flaw was found in dracut where a remote attacker on the adjacent network can provide specially crafted DHCP options (e.g., a malicious hostname) to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.
The Snappy library in versions prior to 1.7.1 has an issue with improper processing of binary paths, which can lead to code injection. The escapeshellarg function does not work correctly, allowing for the use of unsafe input.
A single-click remote code execution vulnerability in Atril Document Viewer (default PDF reader in MATE) allows an attacker to execute arbitrary commands by tricking a user into clicking a link in a malicious PDF. The root cause is missing shell quoting in the `ev_spawn` function.

