CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-10097
High

The AVX2-optimized ML-KEM implementation in wolfSSL compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts differing solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security.

CVE-2025-60465
Medium

A use-after-free vulnerability was found in the gf_filter_pid_inst_swap function of GPAC/MP4Box before version 26.02.0. An attacker can supply a crafted media file to cause a Denial of Service (DoS).

CVE-2025-60464
High

A use-after-free vulnerability was found in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC/MP4Box before version 26.02.0. Attackers can cause a Denial of Service (DoS) by supplying a crafted MPEG-2 TS file.

CVE-2026-57700
Critical

The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.

CVE-2026-56790
High

In CANBoat through version 6.22 (fixed in commit a5a22b7), an off-by-one global buffer overflow vulnerability exists in the searchForPgn() function in analyzer/pgn.c. Attackers can send a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP, causing an out-of-bounds array access and application crash.

CVE-2026-56789
Medium

RTKLIB through version 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c. Attackers can exploit this by providing a malicious RINEX file with more than 64 satellites per epoch, leading to heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications such as rnx2rtkp and RTKPOST.

CVE-2026-56788
Medium

RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

CVE-2026-56787
Medium

An off-by-one out-of-bounds read vulnerability in RTKLIB through version 2.4.3 in the decode_ssr3 function at src/rtcm3.c:1446 allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields.

CVE-2026-56786
Critical

RTKLIB through version 2.4.3 contains an out-of-bounds write vulnerability in the decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.

CVE-2026-56779
Medium

MaxKB before version 2.10.0 contains a server-side request forgery (SSRF) vulnerability in tool creation and update endpoints. It allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters.

CVE-2026-56774
Medium

Kanboard versions up to 1.2.52 have a vulnerability that allows authenticated users to delete other users' 'Remember Me' sessions. The issue arises from a lack of validation of the session ID parameter in the UserViewController::removeSession method.

CVE-2026-56772
Medium

NewsBlur before version 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notifications by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification.

CVE-2026-56771
High

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration.

CVE-2026-56770
High

libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.

CVE-2026-56769
High

Huly Platform through version 0.7.423 contains an authenticated server-side request forgery (SSRF) vulnerability in the /import endpoint that allows workspace users to make arbitrary server requests.

CVE-2026-56768
High

A vulnerability in Seahub before version 13.0.23 allows unauthenticated users to bypass the SHARE_LINK_LOGIN_REQUIRED enforcement via a GET request to /api/v2.1/share-link-zip-task/. Attackers with a folder share-link token can obtain a fileserver zip token and download entire shared directory trees.

CVE-2026-56767
High

Maxun before version 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens.

CVE-2026-56766
High

Hydra up to version 9.7 contains a stack buffer overflow vulnerability in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing buffer overflow and enabling remote code execution.

CVE-2026-55667
High

In File Browser before version 2.63.16, an authenticated user with only Create permission can delete files outside their scope (including other tenants' data and the application's database) by exploiting the cleanup path after a failed upload. The ScopedFs.RemoveAll method bypasses symlink protections, and the direct upload handler calls it on a user-controlled path.

CVE-2026-54917
Critical

SeaweedFS before version 4.30 has a vulnerability due to improper path cleaning in S3 and Iceberg REST catalog routers. An attacker can use '..' sequences in a request to bypass access controls and read or write data in any bucket.

PreviousPage 176 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS