CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-48725
High

Warp is a development environment that, from versions 0.2021.04.25.23.05.stable_00 to 0.2026.05.06.15.42.stable_01, allows terminal output to access the local system clipboard. A malicious remote host or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step.

CVE-2026-48721
High

Warp is a development environment that contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. This vulnerability allows an attacker to treat denylisted commands as allowed.

CVE-2026-48720
High

Warp is an agentic development environment that, from versions 0.2025.03.05.08.02.stable_00 to 0.2026.05.06.15.42.stable_01, accepts `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in version 0.2026.05.06.15.42.stable_01.

CVE-2026-48719
HighEPSS 57%

Warp, an agentic development environment, contains a command injection vulnerability in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI.

CVE-2026-48704
High

Warp, an agentic development environment, may open executable local files through the operating system default file handler. A malicious Markdown document can contain a local-file link that, when clicked by the user, may lead to unsafe file opening.

CVE-2026-48703
High

Warp, an agentic development environment, contains a command execution policy bypass in Agent code search tools. Versions from 0.2025.04.09.08.11.stable_00 to 0.2026.05.06.15.42.stable_01 are vulnerable, allowing execution of shell commands from Agent-controlled inputs.

CVE-2026-44022
Medium

A vulnerability in Docling from version 2.73.0 to 2.91.0 allows attackers to read arbitrary files from the file system via crafted LaTeX documents. Lack of path validation in \includegraphics, \input, and \include commands enables path traversal sequences, potentially leading to sensitive data exposure.

CVE-2026-44020
High

A vulnerability in Docling versions 2.13.0 through 2.74.0 allows XML External Entity (XXE) attacks via malicious USPTO patent files. An attacker can read arbitrary files from the server, perform SSRF attacks, or cause denial of service.

CVE-2026-44017
High

A vulnerability in Docling before version 2.91.0 allows Zip Slip attacks during EasyOCR model downloads. An attacker can overwrite arbitrary files, leading to remote code execution, persistent backdoors, or data corruption.

CVE-2026-44016
High

A vulnerability in Docling versions 2.82.0 through 2.91.0 allows arbitrary JavaScript execution and unrestricted network access when processing untrusted HTML documents with the Playwright-based rendering feature enabled. An attacker can exploit this for SSRF attacks, data exfiltration, or remote code execution in the rendering environment.

CVE-2026-54906
Critical

A vulnerability in concurrent-ruby up to version 1.3.6 allows any thread to release a write lock without authorization, potentially breaking mutual exclusion. Additionally, release_read_lock can decrement the shared counter below zero, causing ResourceLimitError on read lock acquisition.

CVE-2026-54905
Medium

In concurrent-ruby up to version 1.3.6, a vulnerability allows incorrect granting of a write lock after one thread acquires the read lock 32,768 times. The lock stores thread-local read and write hold counts in one integer, where the low 15 bits are for read count and bit 15 is for WRITE_LOCK_HELD. After exceeding this threshold, the read count overflows into the write-lock bit, causing try_write_lock to incorrectly return true without setting the global RUNNING_WRITER bit.

CVE-2026-54904
High

The vulnerability in the concurrent-ruby library for Ruby causes the AtomicReference#update method to enter an infinite retry loop when the stored value is Float::NAN. This is because Float::NAN == Float::NAN always returns false, preventing the compare_and_set operation from succeeding.

CVE-2026-54297
High

A vulnerability in the Faraday library allows a DoS attack by sending a specially crafted nested query string. The NestedParamsEncoder decoder does not enforce a maximum nesting depth, leading to stack overflow and crash of the thread or worker process.

CVE-2026-53130
High

In the Linux kernel's OMFS filesystem, a missing lower-bound check for s_sys_blocksize allows a crafted image with a value smaller than OMFS_DIR_START (440) to cause an unsigned integer underflow in omfs_make_empty(). This triggers a memset() with a length near 4 GiB, overwriting kernel memory beyond the block buffer.

CVE-2026-53129
High

A use-after-free vulnerability was found in the Linux kernel's mbcache mechanism. The mb_cache_destroy() function fails to cancel the pending c_shrink_work work item before freeing memory, potentially leading to access of already freed memory.

CVE-2026-53128
Medium

In the Linux kernel, the DRBD driver has an RCU call imbalance in drbd_adm_dump_devices(). The function calls rcu_read_unlock() without a preceding rcu_read_lock(), which can lead to incorrect RCU behavior.

CVE-2026-53127
Unknown

A vulnerability has been identified in the Linux kernel related to a memory leak in the blk_revalidate_disk_zones() function. If an error occurs during zone validation, memory allocated for args.zones_cond is not freed, leading to a leak.

CVE-2026-53126
Unknown

A vulnerability has been identified in the Linux kernel related to a disk reference leak in the blkcg_maybe_throttle_current() function. The issue is due to a missing put_disk() call on the error path, leading to unreleased disk references.

CVE-2026-53125
Unknown

A vulnerability has been identified in the Linux kernel related to the removal of active sysfs protection, which may lead to recursive locking. The issue occurs when writing 'clear' to array_state, causing md_attr_store() to mishandle kobject references.

PreviousPage 203 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS