CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
NanoClaw before version 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName, which allows malicious agents to disclose arbitrary host files.
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.
Vulnerability in Guzzle (PHP HTTP client) before version 7.12.1 allows incorrect acceptance of cookies with a dot-only Domain attribute or whitespace-padded variants. SetCookie::matchesDomain() removes leading dots, normalizing to an empty string, causing the cookie to match any request host. An attacker can set a cookie in a shared cookie jar that Guzzle later sends to unrelated hosts.
The guzzlehttp/psr7 library before version 2.12.1 did not reject CR/LF characters in certain HTTP start-line fields (request method, protocol version, response reason phrase). An attacker can inject controlled data into these fields, and after serializing the PSR-7 message to raw HTTP/1.x (e.g., via Message::toString()), it may lead to HTTP header injection.
Vulnerability in Guzzle (PHP HTTP client) before 7.12.1 causes traffic expected to be TLS-protected to the proxy to be transmitted in cleartext under certain configurations. This occurs when using built-in cURL handlers (CurlHandler or CurlMultiHandler) with libcurl older than 7.50.2 and an https:// proxy URL — libcurl silently treats it as http://, never establishing an encrypted connection.
n8n is a workflow automation platform that prior to version 2.24.0 had an issue with the Compression node allowing attacker-controlled archives to be decompressed without limits on output size. An attacker could send a small compressed archive to a public webhook, causing memory exhaustion and terminating the n8n process.
n8n is an open source workflow automation platform. Prior to version 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation, leading to unintended documents being matched and overwritten with attacker-controlled content.
n8n is a workflow automation platform that prior to version 2.24.0 allowed authenticated users with permissions to create or modify workflows to achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter.
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode.
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 node, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account.
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication.
In n8n before version 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL.
SQL Injection vulnerability in Cboard v.0.4.2 and earlier allows a remote attacker to execute arbitrary code via the getDimensionsValues component.
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
A NULL pointer dereference vulnerability was discovered in GPAC MP4Box v2.4 in the gf_isom_add_track_kind() function at isomedia/isom_write.c. Attackers can exploit this by crafting a malicious MP4 file to cause a Denial of Service (DoS).
A broken access control vulnerability in HCL Connections may allow an unauthorized user to view data in a single specific scenario.
A vulnerability in pwnlift before d7a9544 in a privileged deployment allows an attacker to follow symbolic links in the upload handler in Components/Pages/Home.razor.
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks.
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function.
FOSSBilling prior to version 0.8.0 has a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators can inject arbitrary Twig expressions, leading to information disclosure and remote code execution.

