CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Svelte framework versions from 5.51.5 to before 5.55.7 contain an internal regex that can take exponential time to test in the <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.
A heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
A vulnerability in the UDFS file system driver in Windows allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.
A vulnerability in the UDFS file system driver in Windows allows for elevation of privilege. An attacker can exploit this flaw to gain higher privileges in the system.
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
A remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. This can lead to unbounded memory allocation and abnormal termination of the application.
The PKCS#12 file processing fails to perform sufficient input validation for files using the PBMAC1 integrity mechanism, allowing for certificate and private key forgery.
The vulnerability concerns parsing a crafted DER-encoded ASN.1 structure with content exceeding 2 gigabytes. This may lead to a heap buffer over-read on Unix and Unix-like platforms, potentially causing application crashes or loading memory contents beyond the end of the input buffer into the ASN.1 object.
A trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
Microsoft Azure Kubernetes Service has an improper limitation of a pathname to a restricted directory, leading to a 'path traversal' vulnerability. This allows an authorized attacker to execute code locally.
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
NVIDIA DALI contains a vulnerability in a component that could lead to a heap-based buffer overflow. A successful exploit of this vulnerability might result in code execution, data tampering, denial of service, and information disclosure.
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
Insufficient input validation in the NETGEAR JR6150 allows users connected to local WiFi networks to execute operating system commands. The device has reached End-of-Support phase in 2018, and no further security updates are planned.
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Mem0 versions up to 0.2.8 contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but does not validate the caller's role. Any authenticated user with a distributed API key can redirect traffic to an attacker-controlled server.

