CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-7842
Medium

The Infility Global plugin for WordPress before version 2.15.20 does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks. This allows authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database.

CVE-2026-12866
Critical

The vulnerability in the expr-eval library allows arbitrary JavaScript code execution via the toJSFunction() API. An attacker can supply crafted expressions that are compiled into native code using new Function(), bypassing the intended expression sandbox and executing arbitrary code within the application's context.

CVE-2026-55655
Medium

A flaw in OpenSSH allows a local unprivileged attacker to hijack forwarded X11 connections. The attack pre-binds the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input.

CVE-2026-55654
Low

A heap out-of-bounds read flaw was found in OpenSSH during cleanup of GSSAPI indicators when a trailing NULL is missing in the auth-indicators array. A remote attacker, under specific configurations with GSSAPI authentication and a Kerberos environment, could exploit this to crash the SSH authentication path, causing a denial of service (DoS).

CVE-2026-55653
Medium

A double free vulnerability was found in OpenSSH in the Diffie-Hellman Group Exchange (DH-GEX) client path during FIPS mode known-group validation. A malicious SSH server can exploit this by sending crafted DH-GEX group parameters, causing client process termination and Denial of Service (DoS).

CVE-2026-11833
High

A vulnerability has been found in FAST/TOOLS and CI Server that allows the web server to return CI Server setting information. This information could be exploited by an attacker for other attacks.

CVE-2026-10658
High

A missing length validation in the Zephyr Bluetooth Host ISO receive path allows malformed HCI ISO data to trigger a kernel assert (denial of service) or out-of-bounds read.

CVE-2026-10651
High

A vulnerability in Zephyr's Bluetooth Classic SDP parser allows a malformed attribute to trigger a reachable assertion, causing a kernel panic (denial of service) in assert-enabled builds. In builds without assertions, it may lead to an out-of-bounds read and undefined behavior.

CVE-2026-10645
Medium

In Zephyr's ext2 directory-entry parser, the on-disk entry structure is not fully validated before copying the entry name and advancing traversal state. A crafted ext2 image can cause an out-of-bounds read from the directory block buffer or an infinite loop.

CVE-2026-54236
MediumEPSS 53%

vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, an incomplete fix for CVE-2026-22778 allows memory addresses to leak in error messages, potentially exposing memory information in responses to clients.

CVE-2026-54235
Medium

vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, temperature validation used comparison operators that incorrectly handled NaN and positive Infinity, leading to undefined behavior or CUDA errors.

CVE-2026-54233
Medium

vLLM is an inference and serving engine for large language models. Prior to version 0.23.1rc0, the /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output, which could lead to excessive resource consumption.

CVE-2026-54232
High

vLLM, an inference and serving engine for large language models, is vulnerable to a dependency confusion attack in versions prior to 0.22.1. An attacker can register the flashinfer-jit-cache package on PyPI, allowing arbitrary code execution as root during the Docker build.

CVE-2026-53923
High

vLLM, an inference and serving engine for large language models, has a vulnerability due to integer truncation of tensor dimensions, leading to partial tensor processing. As a result, the unfilled portion of the output tensor may contain data from GPU memory, leading to information disclosure.

CVE-2026-48746
CriticalEPSS 54%

A vulnerability in the vLLM inference engine (versions 0.3.0 through 0.22.0) allows bypassing OpenAI API authentication. The flaw stems from improper trust in ASGI web servers by starlette, enabling API usage without providing the configured VLLM_API_KEY or --api-key.

CVE-2026-47155
Medium

vLLM is an inference and serving engine for large language models. In versions prior to 0.22.0, revision pinning controls do not consistently apply to all artifacts loaded for a model, potentially leading to the loading of unverified components.

CVE-2026-41523
High

In vLLM prior to 0.22.0, an assert-based security check in the activation function loading allows any unauthenticated attacker to achieve arbitrary code execution by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1).

CVE-2026-56698
Medium

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin.

CVE-2026-56697
Medium

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function. These paths pass the script-protocol check but resolve to a cross-origin URL against the current page protocol.

CVE-2026-56357
Medium

n8n versions before 1.123.15 and 2.5.0 contain a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events.

PreviousPage 222 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS