CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In ImageMagick before version 7.1.2-22, a division by zero vulnerability exists in binomial kernel processing. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.
ImageMagick before version 7.1.2-19 contains an off-by-one error in morphology validation, allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single-pixel memory access violations.
A heap buffer overflow vulnerability in Ruby JSON versions 2.9.0 through 2.19.8 occurs when generating JSON for an oversized streamed object. An attacker can provide a controlled string near 16 KB, causing writes past the internal JSON generator buffer.
In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
In Google Chrome on Mac prior to version 150.0.7871.47, an inappropriate implementation in the DataTransfer component allowed a remote attacker who convinced a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected by an information disclosure vulnerability. An attacker could exploit this flaw to gain access to sensitive data.
A vulnerability in SeaweedFS before version 4.30 reflects the callback query parameter without validation in JSON responses served as application/javascript. The absence of an X-Content-Type-Options: nosniff header and of a CORS allow-list allows an attacker to load responses from any JSON endpoint (including unauthenticated ones) via a <script> tag from a third-party web page.
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device initiates a session teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the peer concurrently sends its own DISC frame for dlci 0, rfcomm_handle_disc() invokes rfcomm_session_disconnected(), which unconditionally forces the session to BT_RFCOMM_STATE_DISCONNECTED without calling bt_l2cap_chan_disconnect(). This permanently wedges the session: the L2CAP channel is never released and the session slot in the bt_rfcomm_pool[] array is never reclaimed.
The Tarfile.extract() function does not properly pass the filter parameter when extracting hardlinks. An affected system extracting content from untrusted tar files could write files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
A vulnerability in CryptX versions before 0.088_001 for Perl causes AEAD authentication tag comparison in the decrypt_done path to be non-constant time. The decrypt_done($tag) function uses memNE (memcmp() != 0), which short-circuits on the first differing byte, making execution time depend on the number of matching leading bytes.
A cross-site scripting (XSS) vulnerability was found in the MDEx library due to improper input neutralization in Markdown processing. An attacker can inject arbitrary HTML/JavaScript that executes in the browser of every user viewing the rendered output.
A broken access control vulnerability in Invidious before version 2.20260626.0 allows unauthenticated attackers to retrieve private playlist contents via the RSS feed playlist endpoint. Attackers can supply a playlist ID to obtain the full playlist contents, owner email address, and associated video entries without authentication.
Snowflake CLI versions prior to 3.19 contain a vulnerability due to improper neutralization of local CLI parameters, allowing unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing unintended SQL execution in the context of the user's Snowflake session.
In PcapPlusPlus 25.05, the function parse_by_block_type in light_pcapng.c is vulnerable to a heap-based buffer overflow. An attacker can remotely exploit this by manipulating the captured_packet_length argument, though the attack complexity is high and exploitation is difficult.

