CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-47110
Medium

A vulnerability in Tiptap for PHP before version 2.1.1 allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string. This triggers an unhandled TypeError in the Link::isAllowedUri() function when passed to preg_match(), permanently corrupting the record and blocking HTML rendering for all users.

CVE-2026-47093
Unknown

CVE ID CVE-2026-47093 has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39897
Medium

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer, which has been fixed in version 1.2.31.

CVE-2026-39894
Low

In Cacti versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. When the server locale uses comma as decimal separator (e.g., de_DE), a value of 1.5 becomes '1,5', while RRDtool expects a dot. This causes metric data to shift into wrong columns or be silently dropped.

CVE-2026-39893
Critical

In Cacti versions 1.2.30 and prior, the rfilter request variable was concatenated into an RLIKE SQL clause without sanitization. The vulnerability allows pre-auth SQL Injection (SQLi) if guest graph viewing is enabled. The issue was fixed in version 1.2.31.

CVE-2026-2050
High

A heap-based buffer overflow vulnerability in GIMP's HDR file parsing allows remote code execution. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage.

CVE-2026-10642
Medium

The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) has an unbounded loop in pl011_irq_tx_enable() that hangs the calling thread when CTS hardware flow control is enabled and the peer de-asserts CTS. The loop never exits because the TX FIFO cannot drain, causing a denial of service (CWE-835).

CVE-2026-10043
High

A vulnerability in MosaicML Composer allows remote code execution through the deserialization of untrusted data. User interaction is required to exploit this vulnerability, meaning the victim must visit a malicious page or open a malicious file.

CVE-2025-60468
Medium

In GPAC/MP4Box version 2.5-DEV-rev1593-gfe88c3545-master, a buffer overflow vulnerability was found. The function gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c improperly accesses freed objects during PID instance cleanup after a swap/delete operation, leading to a heap use-after-free.

CVE-2026-7539
High

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability.

CVE-2026-52816
Medium

Gogs is an open source Git service that prior to version 0.14.3 had a vulnerability in the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb. This vulnerability allowed arbitrary data URIs to be submitted without proper restrictions, potentially leading to Cross-Site Scripting (XSS) attacks.

CVE-2026-52815
MediumEPSS 72%

Gogs, an open source Git service, prior to version 0.14.3 has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication.

CVE-2026-52814
Medium

Gogs is an open source Git service that prior to version 0.14.3 was vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack via its built-in SSH server. An attacker could open multiple TCP connections to the SSH port, leading to file descriptor exhaustion and destabilization of the entire Gogs process.

CVE-2026-52813
CriticalEPSS 62%

Gogs before version 0.14.3 accepts organization names containing path traversal sequences (../), allowing repositories to be written to arbitrary filesystem locations. By creating nested Git repository structures, one can overwrite another repository's hooks configuration, leading to Remote Code Execution (RCE).

CVE-2026-52812
High

In Gogs before version 0.14.3, the LFS storage uses only the OID for content addressing, but per-repo authorization is checked based on (repo_id, oid). The serveUpload function skips re-uploading if the OID file already exists on disk and inserts a new (repo_id, oid) row pointing to it without verifying that the request body hashes to the claimed OID. A user with write access to one repo can bind their repo to an OID owned by a private repo and download the original bytes via their own download endpoint.

CVE-2026-52811
Critical

Gogs before version 0.14.3 contains a vulnerability due to improper symlink checking during multipart file upload. An attacker with repo-write access can use a filename containing a backslash to write arbitrary data outside the repository, e.g., to authorized_keys or a post-receive hook.

CVE-2026-52810
High

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorized POST …/git-receive-pack using the client-supplied service query string, allowing push where only read should be allowed.

CVE-2026-52809
Medium

In Gogs before version 0.14.3, password-reset tokens are generated using the account-activation lifetime (conf.Auth.ActivateCodeLives) instead of the reset-password lifetime (conf.Auth.ResetPasswordCodeLives). The token lifetime is embedded in the token at generation time and re-extracted at verification, making RESET_PASSWORD_CODE_LIVES irrelevant. Even if an administrator configures a shorter reset window (e.g., 10 minutes), tokens remain valid for the full activation lifetime, while the reset email falsely advertises the shorter expiry.

CVE-2026-52808
High

Gogs is an open source Git service that prior to version 0.14.3 had three API endpoints secured by reqRepoWriter() instead of reqRepoAdmin(). This allows collaborators with lower access levels than admin to perform unauthorized operations.

CVE-2026-52807
Medium

Gogs is an open source Git service that prior to version 0.14.3 had an issue with rendering milestone names. The default auto-escaping in Go allowed for HTML/JavaScript injection through interaction with the dropdown in Semantic UI.

PreviousPage 198 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS