CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In InHand Networks devices IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions), a command injection vulnerability was discovered in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via crafted input.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).
There is a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator that can be exploited by a remote, unauthenticated attacker to gain full access to the affected systems.
The PIAF-HMS hotel management system contains multiple unauthenticated SQL injection vulnerabilities. The application lacks an authentication mechanism and directly passes user-supplied HTTP parameters into deprecated mysql_query() calls without sanitization.
An authentication bypass vulnerability exists in the opaque token validation path of googleapis/mcp-toolbox. This flaw allows the acceptance of tokens issued by unauthorized identity providers when the external OAuth provider's response omits the 'iss' field.
An authentication bypass vulnerability exists in the googleapis/mcp-toolbox that allows bypassing authentication. The issue is related to opaque token validation, where the absence of the 'active' key in the OAuth 2.0 introspection response results in the acceptance of tokens that should not be considered valid.
Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys and S3 bucket names.
Cotonti 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) in the administration rights handler. The rights update action ('a=update') in system/admin/admin.rights.php does not validate the anti-CSRF token, allowing a remote attacker to grant elevated permissions to an attacker-controlled group.
The Nur-Alam39 bus-ticket application contains an unauthenticated SQL injection vulnerability in bus_info.php. The busid parameter received via HTTP POST is directly concatenated into a MySQL query without sanitization, allowing a remote attacker to inject arbitrary SQL.
A critical remote code execution (RCE) vulnerability in PTC Windchill PDMlink and PTC FlexPLM. The flaw can be exploited via deserialization of untrusted data, allowing an attacker to execute arbitrary code remotely.
TypeBot is a chatbot builder tool that in versions 3.16.1 and earlier has an unauthenticated endpoint for generating upload URLs. This allows anonymous users to upload malicious HTML, SVG, or JS files, potentially leading to stored XSS.
Tinyproxy versions up to 1.11.3 fail to reject requests containing multiple Content-Length headers with differing values, leading to all duplicate headers being forwarded to the backend. Attackers can exploit this vulnerability to inject arbitrary HTTP requests to the backend.
Tinyproxy versions up to 1.11.3 improperly handle conflicting Content-Length and Transfer-Encoding: chunked headers, leading to forwarding them verbatim to the backend. This can allow remote attackers to inject arbitrary HTTP requests to the backend.
Network-AI is a TypeScript/Node.js multi-agent orchestrator that in versions 5.7.1 and earlier allowed unauthenticated cross-origin invocation of MCP tools due to an empty default secret. This issue was partially addressed in version 5.4.5, but the empty-default-secret flaw remained, allowing unauthorized access to all 22 MCP tools.
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication.
GEN3C in NVIDIA Spatial Intelligence Lab contains a remote code execution vulnerability in the inference API server. The /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication and input validation.
Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional from 7.4.0 before 7.7.0 and earlier versions.
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.

