CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-48618
Medium

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismatch.

CVE-2026-48615
High

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.

CVE-2026-13226
Medium

The Groundhogg plugin for WordPress (versions up to and including 4.5.4) is vulnerable to generic SQL injection via the 'after' parameter. Authenticated attackers with Sales Manager-level access or above can append additional SQL queries to existing ones, enabling extraction of sensitive data from the database. Additionally, the AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, allowing any authenticated user to reach the vulnerable code path.

CVE-2026-9222
High

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. An attacker who knows the hash can authenticate and gain full access.

CVE-2026-9221
High

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID.

CVE-2026-9220
High

The Setracker2 Android Companion App versions 3.1.5 and prior encrypts communication between the watch and its backend using static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.

CVE-2026-9219
Medium

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior generate a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment, allowing an attacker who obtains the registration ID to arbitrarily enroll watches belonging to other users.

CVE-2026-43920
Medium

A vulnerability in FOSSBilling versions 0.5.4 through 0.7.2 allows an unauthenticated remote attacker to trigger the /run-patcher maintenance endpoint, which executes critical operations such as configuration file modifications, database schema changes, filesystem mutations, and cache clearing. The lack of authentication and CSRF validation enables denial-of-service attacks via a simple HTTP GET request.

CVE-2026-13322
Low

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.

CVE-2026-13318
Medium

A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial() without validation. For VMIs using non-masquerade network bindings (bridge or secondary-only), this IP is reported by the QEMU guest agent running inside the VM and is fully controllable by the VM owner.

CVE-2026-13218
Medium

A flaw in KubeVirt's virt-handler network cache handling allows a user with access to the virt-launcher container to overwrite arbitrary host files with JSON content and change their ownership by planting a symlink at the cache file path.

CVE-2026-13083
Medium

A flaw was found in the Pen Drive report generator where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored XSS payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.

CVE-2026-12993
Medium

A vulnerability in Apicurio Registry occurs because DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, although it blocks external DTD and schema access. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant), causing CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.

CVE-2026-40941
Medium

In Cacti versions 1.2.30 and prior, a package import signature validation bypass allows self-signed packages. This issue has been fixed in version 1.2.31.

CVE-2026-40084
Medium

Cacti versions 1.2.30 and prior are vulnerable to Path Traversal via the Report format_file parameter, allowing arbitrary file read. The vulnerability involves two stages: stored injection without validation and subsequent file read using an unsanitized path.

CVE-2026-40083
High

Cacti versions 1.2.30 and prior have an SQL injection vulnerability in managers.php due to unsanitized unserialize and implode operations. The lack of integer validation on deserialized array values allows attackers with SNMP agent management permissions to execute arbitrary SQL commands.

CVE-2026-40082
Medium

Cacti versions 1.2.30 and prior do not call session_regenerate_id() after successful login, allowing Session Fixation attacks. An attacker can fixate a session and hijack it after the victim logs in.

CVE-2026-40080
Medium

Cacti versions 1.2.30 and prior are vulnerable to Open Redirect due to using str_contains() for referer checking instead of full host validation. An attacker can craft a malicious Referer header to redirect the user to an attacker-controlled site after login.

CVE-2026-8720
High

The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions in the wolfSSL library have an issue when the key length exceeds the block size, resulting in a MAC that is independent of the input data. When a key is too long, the hashing state is reset, causing the loss of message data.

CVE-2026-7532
High

A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.

PreviousPage 172 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS