CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-24247
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24246
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24245
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24244
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24243
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24242
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to perform server-side request forgery (SSRF). Successful exploitation of this flaw could lead to information disclosure.

CVE-2026-24240
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-6688
High

A vulnerability in FatFs R0.16 and earlier affects long filename (LFN) handling. The function copies filenames (up to 255 characters) into short fixed buffers without bounds checking, causing buffer overflow.

CVE-2026-6687
High

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums.

CVE-2026-6682
High

In FatFS R0.16 and earlier, there is an integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers.

CVE-2026-58399
High

A vulnerability in the @acastellon/auth authentication system for microservices allows an unauthenticated attacker to bypass token validation via crafted auth-user and Host HTTP headers. The issue affects validateToken() in versions prior to 2.3.0.

CVE-2026-2891
High

A vulnerability in Poly Voice IP devices (CCX, Trio, Edge E) may render them inoperable when connecting to a malicious SIP server and receiving malformed data. HP is releasing updates to mitigate this risk.

CVE-2026-13602
High

A chain of vulnerabilities was found in pretix: payment plugins (Stripe, Mollie, OPPWA, BitPay, Payone, SecuConnect, Sofort, Saferpay) do not validate session parameters beyond cryptographic signature, the redirect feature uses the same key and salt for signing as the plugins, and the admin impersonation feature allows changing user after injecting arbitrary parameters. An attacker with access to at least one event can become any backend user and access all data.

CVE-2026-5136
High

The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member.

CVE-2026-5120
High

A Race Condition vulnerability in BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.

CVE-2026-53902
High

A vulnerability in MCO allows an authenticated user to modify group membership without proper authorization checks, leading to privilege escalation. An attacker can add themselves to arbitrary groups by providing a valid group ID, which can be obtained from other application functions or guessed via brute-force.

CVE-2026-14181
High

Vulnerability in @fastify/middie versions 9.1.0 through 9.3.2 causes Node.js process termination when processing malformed percent-encoded sequences in request paths. The issue only affects the standalone engine API (middie.run), not the Fastify plugin path.

CVE-2026-13228
High

The LatePoint plugin for WordPress up to version 5.6.3 is vulnerable to privilege escalation to Administrator due to an Insecure Direct Object Reference (IDOR) in the create_or_update() function and missing role verification in OsAuthHelper::authorize_customer(). An authenticated attacker with Agent-level access can overwrite any customer's email, including one linked to an Administrator account, and then log in as that user.

CVE-2026-12142
High

The NEX-Forms plugin for WordPress up to version 9.2.2 is vulnerable to Stored Cross-Site Scripting via the '_name[]' array parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary scripts that execute when a user accesses the affected page.

CVE-2026-50043
HighEPSS 62%

An OS command injection vulnerability exists in SkyBridge MB-A100/MB-A110 devices. The issue is caused by improper neutralization of special elements used in OS commands.

PreviousPage 18 of 3334Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS