CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-27604
Critical

FOSSBilling versions 0.5.4 to 0.8.0 have an authorization bypass in API role handling, allowing unauthenticated access to privileged `/api/system/*` endpoints. Attackers can invoke admin API methods without valid credentials.

CVE-2026-12969
Medium

An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.

CVE-2026-11772
Medium

DRIMO CMS is vulnerable to reflected XSS via the q parameter in the searching functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.

CVE-2026-10609
Medium

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials.

CVE-2026-56784
High

OpenRemote before version 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs.

CVE-2026-56762
Medium

Hono before version 4.12.12 does not validate cookie names in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters. This can lead to malformed Set-Cookie header values.

CVE-2026-56701
Medium

Grav before version 2.0.0-beta.2 contains an XML external entity injection (XXE) vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads via malicious SVG files.

CVE-2026-56379
HighEPSS 64%

A command injection vulnerability in ImageMagick before versions 7.1.2-15 and 6.9.13-40 exists in the SVG decoder. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

CVE-2026-56376
Low

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a use-after-free vulnerability in the meta coder. When memory allocation fails, a single byte is written to a stale pointer, potentially leading to denial of service.

CVE-2026-56371
Medium

ImageMagick before versions 7.1.2-15 and 6.9.13-40 has a memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

CVE-2026-56322
High

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions. This allows attackers to enumerate private channels and leak version/config state.

CVE-2026-56315
Critical

Picklescan before 1.0.4 fails to block at least seven Python standard library modules, allowing for remote code execution. Attackers can craft malicious pickle files importing these unblocked modules, bypassing picklescan's safety validation.

CVE-2026-56301
Medium

Nuxt versions 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect.

CVE-2026-56275
High

Flowise before 3.1.0 contains a server-side request forgery (SSRF) vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses and access cloud metadata.

CVE-2026-56274
CriticalEPSS 84%

Flowise versions before 3.1.2 contain multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions.

CVE-2026-56263
Medium

Crawl4AI before version 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard. The dashboard renders crawl URLs and error messages via innerHTML without escaping, allowing an attacker to submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard.

CVE-2026-56258
High

Crawl4AI before version 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints, allowing unauthenticated attackers to write files outside the intended directory.

CVE-2026-56248
High

Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API.

CVE-2026-56243
High

Capgo before version 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to the PostgREST/RLS plane to access protected resources.

CVE-2026-56234
Medium

Capgo before version 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that can be called using only the public Supabase key without authentication. The endpoint is CORS-permissive and lacks rate limiting, enabling attackers to perform password spraying and credential stuffing attacks.

PreviousPage 220 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS