CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
In Rocket.Chat before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, the CAS login handler forwards the client-supplied `credentialToken` value directly into a MongoDB `findOne({_id: ...})` query without any runtime type check. An unauthenticated attacker can substitute a NoSQL query operator (e.g., `{"$gt": ""}`) for the expected ticket string, matching the first unexpired document in the `credential_tokens` collection and completely bypassing the CAS ticket check.
A vulnerability in Rocket.Chat before versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 allows an attacker to modify any field in their own upload record. This occurs because the sendFileMessage DDP method passes the entire file object into Uploads.updateFileComplete, which merges it directly into a MongoDB $set update via Object.assign without an allow-list of writable fields.
Rocket.Chat prior to version 8.5.0 does not verify the signature on LogoutRequest messages in SAML integration. An unauthorized attacker can craft a fake logout request, leading to the immediate termination of the victim's session.
FOSSBilling versions 0.7.2 and prior have a vulnerability in the guest API that allows the creation of new administrator accounts even when one already exists. A flaw in the admin existence check enables an attacker to bypass protections.
AutoGPT, a workflow automation platform, has a Denial of Service (DoS) vulnerability in versions prior to 0.6.52. The Fill Text Template block does not limit the computational complexity or execution time of expressions, allowing an attacker to input computationally expensive Python/Jinja2 expressions, leading to system hang or crash.
motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions, making it readable by any local user on the system, leading to the exposure of sensitive data including the admin password.
motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, allowing an authenticated user to read arbitrary files from the filesystem.
Gogs is an open source Git service that prior to version 0.14.3 accepted the authentication header without verifying that the request came from a trusted reverse proxy. This allowed attackers to impersonate users or trigger automatic account creation.
The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness allows attackers to modify configuration settings and trigger system restarts without restriction.
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI pipe socket, but no identity tag is propagated from the pipe path to the server handlers.
A flaw in KubeVirt's safepath package, used by virt-handler, was found in the OpenAtNoFollow function. It uses O_PATH|O_NOFOLLOW to obtain a file descriptor, but subsequent operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, bypassing the intended no-follow protection.
In AngularJS versions 1.2.0-rc.3 and later, a flaw in the Strict Contextual Escaping (SCE) logic allows bypassing security policies for resource URLs, potentially leading to arbitrary JavaScript execution within the victim's browser session.
In Gogs before version 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition. Pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki.
Twenty is an open-source CRM platform that was vulnerable to an insecure direct object reference (IDOR) in the AI agent monitor prior to version 2.9.0. As a result of this vulnerability, an authenticated user could access another user's full chat history on the same instance using the victim's agentId or turnId.
Prior to versions 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures did not adequately protect against a certain class of spoofing, allowing threat actors to remove JSON entries from valid signed activities from third-party actors.
Mastodon prior to versions 4.5.10, 4.4.17, and 4.3.23 has a vulnerability that allows incorrect recognition of IPv4-mapped IPv6 addresses, potentially leading to TCP connections to private IPv4 addresses. Attackers can exploit this vulnerability by publishing appropriate DNS records.
Mastodon, a social network server based on ActivityPub, prior to versions 4.5.10, 4.4.17, and 4.3.23, improperly normalized incoming activities signed with Linked-Data Signatures, allowing attackers to manipulate valid signed JSON-LD activities from third-party actors.
Mastodon, a social network server based on ActivityPub, prior to versions 4.5.10, 4.4.17, and 4.3.23, had a vulnerability in the list of disallowed IP address ranges, allowing attackers to make HTTP requests to loopback interfaces. This could lead to unauthorized access to private resources and services.
FOSSBilling versions 0.7.2 and prior have a vulnerability in the API that allows authenticated clients to access other clients' data by guessing order IDs. The __call method in the API does not verify if the client owns the order, potentially leading to data exposure.
The py7zr library, used for compressing and decompressing 7zip archives, contains an arbitrary file write vulnerability in versions 1.1.2 and below. This allows attackers to create malicious archives that can restore symbolic links to arbitrary directories in the file system.

