CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-54250
Medium

In K3s before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a path traversal vulnerability exists in the etcd snapshot decompression functionality. ZIP archives containing maliciously named members can be written to arbitrary filesystem locations when an administrator restores the archive as a compressed etcd snapshot.

CVE-2026-54097
High

File Browser before version 2.63.6 contains a vulnerability where a low-privileged authenticated user with create and delete permissions in their own isolated scope can permanently destroy share-link records belonging to other users, including the administrator. This is done by performing a legitimate DELETE operation on a file whose logical path is a byte-prefix of another user's stored share.Link.Path.

CVE-2026-54096
High

File Browser prior to version 2.63.7 allowed creating public shares for any path without verifying the existence of the file. When a file was created at that same location, the share became immediately active, leading to unauthorized access to files.

CVE-2026-54094
High

File Browser prior to version 2.63.14 does not prevent HTTP file handlers from following symbolic links, allowing users to cross their intended scope boundaries.

CVE-2026-54093
Medium

A vulnerability in File Browser prior to version 2.63.6 allows files with backslash characters in their names to be saved, potentially leading to unauthorized file writes outside the target directory when extracting the archive on Windows systems.

CVE-2026-54092
Medium

In File Browser before version 2.63.6, the maximum password length is not checked, allowing an arbitrarily long password to be sent to the login API. This causes a spike in CPU and memory usage, leading to container crashes and potentially disrupting the Docker daemon.

CVE-2026-54091
High

File Browser before version 2.63.6 contains a vulnerability due to incorrect path handling in public shares. An attacker who knows the URL of a public directory share can bypass rules blocking access to files and subdirectories located under the shared directory. The issue arises because the system rebases the filesystem root to the shared directory and then evaluates paths relative to it, instead of relative to the owner's original scope.

CVE-2026-54090
High

File Browser before version 2.33.8 allows bypassing the command allowlist using shell metacharacters. The allowlist only validates the first token of user input, but the entire raw string is passed to the shell, allowing arbitrary commands to be executed after a permitted one.

CVE-2026-54089
Critical

File Browser is a file management interface that, starting from version 2.0.0-rc.1, allows unauthenticated attackers to impersonate users, including admins, by sending a forged HTTP header. No credentials are required to gain access.

CVE-2026-54088
Critical

File Browser prior to version 2.63.6 had a vulnerability in the Hook Authentication feature that allowed delegating login verification to an external shell command. User-supplied credentials were interpolated into this command string without sanitization, enabling remote attackers to execute arbitrary OS commands before any authentication.

CVE-2026-53925
High

Glances is a system monitoring tool that, from versions 4.0.8 to 4.5.5, has a vulnerability in the secure_popen() function. This function interprets redirection, pipe, and command chaining operators without validation, allowing unauthorized actions on the system.

CVE-2026-50549
Critical

Vulnerability in Cursor before version 3.0 allows a malicious agent to write files outside the workspace without user approval. The agent uses an in-workspace symlink pointing outside and forces path canonicalization to fail, resulting in writing to an arbitrary location. This enables non-sandboxed remote code execution, e.g., by overwriting the sandbox helper.

CVE-2026-50548
Critical

A vulnerability in Cursor before version 3.0 allows a malicious agent to modify the working_directory parameter, enabling file writes outside the intended workspace. This can lead to remote code execution without user interaction, e.g., by overwriting the cursorsandbox helper.

CVE-2026-4930
High

A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.

CVE-2026-46611
Medium

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser.

CVE-2026-46608
High

In Glances before version 4.5.5, a vulnerability exists in the XML-RPC server. When the CORS origin list (cors_origins) contains more than one entry, the implementation incorrectly sets the Access-Control-Allow-Origin header to *, allowing access from any origin. A malicious web page can thus read the full system monitoring dataset without the victim's knowledge.

CVE-2026-46607
High

Glances is a system monitoring tool that prior to version 4.5.5 used pickle.load() to read a version-check cache file. The lack of integrity checks and format validation before deserialization allows an attacker with access to this file to plant a malicious pickle file, leading to arbitrary code execution.

CVE-2026-46606
High

Glances is a system monitoring tool that prior to version 4.5.5 had a vulnerability in the KVM/QEMU monitoring engine. VM domain names were passed into command templates without proper sanitization, allowing users with the ability to create or rename virtual machines to execute arbitrary commands.

CVE-2026-28898
Medium

The HTTP/2-to-HTTP/1.1 codec in swift-nio-http2 did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. Version 1.44.1 adds validation of all pseudo-headers (:path, :authority, :scheme, :method, :status) at both the HPACK header validation layer and the HTTP/2-to-HTTP/1.1 translation layer, rejecting requests or responses containing CR, LF, or NUL bytes.

CVE-2026-12921
High

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

PreviousPage 177 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS