CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A vulnerability in pnpm package manager prior to versions 10.33.4 and 11.0.7 allows a malicious codeload.github.com server to serve arbitrary tarballs, which pnpm will install regardless of the lockfile. The lockfile does not store hashes for dependencies from this server, enabling package substitution.
The vulnerability in jq (versions prior to 1.8.2) allows a DoS attack via C stack exhaustion when comparing deeply nested arrays with the == operator. The issue stems from missing recursion guards in jvp_array_equal() and jv_equal() functions in src/jv.c.
The vulnerability allows bypassing X.509 trust-chain validation in the wolfSSL_X509_verify_cert() function of wolfSSL compiled with --enable-opensslextra. When the application supplies untrusted intermediate certificates and the chain exceeds the maximum allowed depth (default 100), the validator accepts an attacker-controlled certificate without reaching a trusted anchor.
A flaw in Keycloak Policy Enforcer allows any authenticated user to bypass all authorization policies, including role, scope, and UMA permission checks. By including the configured access-denied page path within a request URL, as a path segment or query parameter, an attacker can gain unauthorized access to protected resources.
A flaw was found in the Keycloak authorization component. An authenticated user with a UMA permission ticket for one resource can bypass per-resource access control for all resources of the same type on the resource server by using a specific permission request prefix. This vulnerability requires PERMISSIVE policy enforcement mode and ownerManagedAccess enabled for typed resources without explicit policies.
A flaw in Keycloak's client registration service allows a remote attacker with a previously issued Registration Access Token (RAT) to re-enable a client disabled by an administrator. The attacker can reset the client secret and potentially regain privileged API access.
A missing authorization check in the Keycloak GroupResource.addChild() endpoint allows an authenticated user with limited admin privileges to reparent any group. With FGAPv2 enabled, an attacker can move a high-privilege group under their control.
A flaw was found in Keycloak allowing a remote attacker with administrative privileges (specifically those with `manage-client` permission or access to client registration endpoints) to bypass client URI validation. The attacker can register a malicious client with a crafted redirect URI using case-insensitive `javascript:` or `data:` schemes, leading to a Cross-Site Scripting (XSS) vulnerability.
A flaw was found in Keycloak where a realm administrator with the 'manage-realm' role can submit an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows probing of arbitrary filesystem paths to determine which files exist and are readable by the Keycloak process.
Heap-based buffer overflow vulnerability in socat versions 1.8.0.0 through 1.8.1.1. The flaw occurs in the DOMAINNAME reply parser where the domain name length byte is read as a signed char, causing a negative value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer.
Halo is an open source website building tool. Prior to version 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem.
In ToolJet prior to version 3.20.178-lts, any authenticated user with builder role (free tier) could overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executed server-side with full Node.js access. The malicious code ran whenever any user on the instance triggered a query using that plugin, leading to remote code execution (RCE) and supply-chain compromise of the entire ToolJet deployment.
In ToolJet prior to version 3.20.178-lts, there is an SSRF vulnerability in the RestAPI data source component. The private IP filter only checks the hostname string, allowing bypassing of security and theft of Azure managed identity tokens.
In ToolJet prior to version 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential_id is supplied in the request body. Unlike other data endpoints, this handler is not protected by ValidateDataSourceGuard, does not receive the calling @User(), and the underlying CredentialsService.getValue() looks up the credential by id only, with no organization scoping.
Trivy before version 0.71.1 uses the `org.opencontainers.image.title` annotation from the OCI artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the layer content to an arbitrary location on the host filesystem.
Outline before version 1.8.0 contains a vulnerability where the AuthenticationHelper.canAccess function uses ctx.originalUrl without stripping the URL fragment (#), allowing an attacker to bypass API key scope restrictions and escalate privileges by appending a permitted path in the fragment.
Trivy before version 0.71.0, when scanning Helm chart archives (.tgz), uses a custom tar unpacker that reads each entry with io.ReadAll(tr) without size limit. An attacker can place a malicious .tgz file in the scanned path that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer.
A vulnerability in LibreChat prior to 0.8.4-rc1 allows an attacker with a stolen session token to regenerate all 2FA backup codes without requiring any TOTP token or existing backup code. This enables bypassing 2FA login or disabling 2FA entirely.
A vulnerability in LibreChat prior to 0.8.4-rc1 allows an authenticated user to bypass rate limiters added for the /fork endpoint by using the /duplicate endpoint, which performs the same expensive database operations but lacks any rate limiter. This can lead to server resource exhaustion.
LibreChat before version 0.8.4-rc1 allows authenticated users to set a custom URL for OpenAI-compatible API endpoints. This URL is used to construct HTTP requests without any SSRF validation, enabling traffic to be directed to internal network addresses.

