CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-55895
High

In Vim prior to version 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!.

CVE-2026-55892
Medium

In Vim before version 9.2.0662, the dump_prefixes() function in src/spell.c does not check the depth of recursion against the size of stack arrays (prefix[], arridx[], curi[]) when processing prefixes from a .spl file. A crafted .spl file can cause an out-of-bounds write on the stack, corrupting the call frame and crashing the editor.

CVE-2026-55693
High

In Vim prior to version 9.2.0653, the tree_count_words() function in src/spellfile.c writes out-of-bounds on the stack when processing crafted .spl/.sug files. An attacker can exploit this vulnerability to crash the editor via stack buffer overflow.

CVE-2026-55477
High

3X-UI is a control panel for managing Xray-core servers. Prior to version 3.3.1, an authenticated administrator could abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database.

CVE-2026-54036
Medium

In LibreChat prior to 0.8.4-rc1, an authenticated user (or attacker with a stolen session) can call the GET /api/auth/2fa/enable endpoint, which overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false without requiring any TOTP or backup code verification. This allows an attacker to completely take over a victim's two-factor authentication.

CVE-2026-4522
Medium

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.

CVE-2026-48946
Medium

A vulnerability in the K2 component allows authors to upload PHP files as article attachments. Apache executes these files, enabling remote PHP code execution in the web server context.

CVE-2026-48945
Medium

A vulnerability in the K2 component for Joomla! allows uploading a ZIP/TAR archive containing PHP files to the gallery directory. The system only renames image files, leaving non-image files (including PHP) extracted as-is and accessible via HTTP, enabling remote code execution.

CVE-2026-48944
Medium

A vulnerability in the K2 component for Joomla! allows an Author to copy any file readable by the web user (e.g., configuration.php or /etc/passwd) to the /media/k2/attachments/ directory by manipulating the `attachment[N][existing]` POST field. Lack of source path validation and `..` filtering in `JPath::clean` enables a path traversal attack.

CVE-2026-48943
Medium

A mass-assignment vulnerability in K2 ≤ 2.24 exists in the `plg_user_k2` system user plugin. A registered Joomla user can, by including the `K2UserForm=1` field in a standard `com_users` `profile.save` POST request, write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table, which are not exposed by the K2 frontend profile-edit form.

CVE-2026-48942
Medium

K2 version 2.26 and earlier renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

CVE-2026-48941
Medium

A vulnerability in the K2 component for Joomla! allows an unauthenticated attacker to delete arbitrary directories via the `sigProFolder` parameter in the `item.checkin` task. The attacker can exploit this flaw to remove gallery directories under `/media/k2/galleries/`.

CVE-2026-48940
Low

A Joomla user with K2 'create item' rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

CVE-2026-12844
High

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. The issue arises from improper memory management, which can lead to memory corruption.

CVE-2026-6432
Medium

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

CVE-2026-57588
Low

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

CVE-2026-57587
Medium

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

CVE-2026-57536
Medium

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57535
Low

The vulnerability allows injection of HTML content, including <img> tags, into PDF rendering contexts. If the src attribute of such an image points to a URL, the PDF rendering engine downloads the image from that location and displays it, leading to information disclosure about the rendering server and potentially creating an SSRF vector in the local network.

CVE-2026-57534
Low

The pretix-pages plugin allows injection of malicious HTML content into a page's content. An attacker can exploit this vulnerability to place dangerous content on the page.

PreviousPage 181 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS