CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory, leading to crashes on the client side, particularly when using libgcrypt.
W glib znaleziono lukę, która prowadzi do przepełnienia całkowitego podczas tworzenia plików tymczasowych. To zjawisko skutkuje dostępem do pamięci poza przydzielonym obszarem, co umożliwia atakującemu potencjalne wykonanie ataku typu path traversal lub dostęp do prywatnych treści plików tymczasowych poprzez tworzenie dowiązań symbolicznych.
A vulnerability was found in libxml2 up to version 2.14.5, involving uncontrolled recursion in the xmlParseSGMLCatalog function of the xmlcatalog component. The attack requires local access and can be triggered with untrusted SGML catalogs.
A vulnerability in the Linux kernel's ksmbd component (SMB/CIFS server) allows bypassing a security control that introduces a 5-second delay during session setup to prevent dictionary attacks. This bypass can be achieved through the use of asynchronous requests.
In the netavark package, a network stack for containers used with Podman, the dns.podman search domain was removed. As a result, a container may use the host's resolv.conf, and if one of the search domains contains a hostname matching the container's name, DNS queries may be forwarded to external servers.
A vulnerability was found in libssh involving an uninitialized variable in the privatekey_from_file() function. It is triggered when the specified file does not exist, potentially leading to signing failures or heap corruption.
A logic flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length instead of the actual number of written bytes. This causes uninitialized buffer sections to be included in the output, potentially leaking arbitrary memory contents in the processed image.
Wykryto podatność w GNU ncurses do wersji 6.5-20250322, klasyfikowaną jako problematyczną. Dotyczy ona funkcji postprocess_termcap w pliku tinfo/parse_entry.c i prowadzi do przepełnienia bufora na stosie.
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
W GLib występuje błąd w zarządzaniu pamięcią przez GString podczas dodawania danych do ciągów. Przy dużych ciągach, połączenie ich z dodatkowymi danymi może spowodować ukryty przepełnienie w obliczeniach rozmiaru, co prowadzi do pisania danych poza przydzieloną pamięcią.
A vulnerability has been identified in the libarchive library, triggered when file streams are piped into bsdtar, causing an out-of-bounds read. This can lead to unpredictable program behavior, memory corruption, or denial of service.
An off-by-one vulnerability has been identified in the libarchive library when handling file name prefixes and suffixes. This flaw causes a 1-byte write overflow, potentially corrupting adjacent memory and leading to unpredictable program behavior or crashes.
An integer overflow vulnerability has been identified in the libarchive library when processing WARC files claiming more than INT64_MAX - 4 content bytes. An attacker can craft a malicious WARC archive to trigger this overflow, leading to unpredictable behavior, memory corruption, or denial of service. This affects libarchive versions prior to 3.8.0.
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior.
W BusyBox w wersji do 1.37.0, w narzędziu tar, archiwum TAR może ukrywać nazwy plików w liście za pomocą sekwencji ucieczki terminala. To może prowadzić do nieświadomego ujawnienia danych lub manipulacji plikami.
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
In Fortinet FortiOS versions 7.4.0 to 7.4.8, 7.2, 7.0, and 6.4, passwords are stored in a recoverable format. This allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.
A flaw was found in GLib where an integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
W bibliotece GNU elfutils 0.192 zidentyfikowano podatność w funkcji elf_strptr, która może prowadzić do odmowy usługi. Atak można przeprowadzić na lokalnym hoście, jednak jego złożoność jest dość wysoka, co utrudnia wykorzystanie podatności.
An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets.

