CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-6653
High

A Use After Free vulnerability in libxml2's xmlParseInternalSubset allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

CVE-2026-6062
Medium

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, and 10.11.x <= 10.11.17 fail to validate channel ownership of an existing subscription before applying edits. This allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint.

CVE-2026-5139
Medium

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, and 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, allowing any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect <instance-name>}} slash command.

CVE-2026-56450
Medium

AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who reached the 2FA verification step could submit an unlimited number of OTP guesses, potentially leading to unauthorized account access.

CVE-2026-56448
High

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to access files outside the intended directories.

CVE-2026-56447
High

MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path, potentially leading to arbitrary code execution with the privileges of the MISP process.

CVE-2026-56446
High

MISP allows a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Due to the ability to inject PHP code by an attacker with administrator privileges, remote code execution may occur.

CVE-2026-56425
High

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The vulnerability includes session identifier leakage, lack of session rotation after login, weak OAuth state, missing HTTPS enforcement, and log injection.

CVE-2026-56424
High

The MISP core contains multiple access control flaws that allow unauthorized modifications and deletions of data across organizations. Lower-privileged users can manipulate objects they are not authorized to edit.

CVE-2026-56423
High

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. Users with broad permissions could delete objects belonging to other organizations without proper authorization.

CVE-2026-54100
High

The Windows Machine Config Operator (WMCO) for Red Hat OpenShift establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker can intercept or redirect the SSH session to capture WICD and kubelet bootstrap credentials.

CVE-2026-54099
High

A flaw in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows the WICD CSR auto-approver to validate that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node with WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate with cluster-administrator privileges.

CVE-2026-42129
High

A vulnerability in the Loki data source plugin allows a user with Viewer permissions to exploit a path traversal to reach administrative Loki endpoints. This enables reading sensitive backend configuration and internal service information.

CVE-2026-28381
Critical

The Snowflake datasource vulnerability allows GET/PUT commands, enabling any user with query access to read/write files between the local Grafana server and the connected Snowflake host.

CVE-2026-12888
Low

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.

CVE-2026-12602
High

In ArubaSign, versions prior to v4.6.6 have incorrect default permissions that grant excessive permissions to the 'Everyone' group for the main executable and other program files. This could allow an unprivileged user to replace the main executable with a malicious file.

CVE-2026-10601
Medium

A vulnerability in the Tempo and Loki data source plugins allows a user with Viewer permissions to reach unintended backend endpoints via specially crafted requests. This can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend.

CVE-2026-10561
Critical

IBM Langflow OSS versions 1.0.0 through 1.9.3 contain a vulnerability due to improper isolation of Python execution combined with an authentication bypass. An unauthenticated attacker can execute arbitrary code on the host system, leading to full compromise.

CVE-2025-66389
HighEPSS 54%

A vulnerability in GitHub Copilot 1.372.0 allows filesystem access outside the workspace folder without user approval via a file-handler URI parameter in fetch_webpage. This could lead to data exfiltration if combined with indirect prompt injection.

CVE-2025-33128
Medium

An XSS vulnerability in IBM Engineering Workflow Management allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

PreviousPage 231 of 4549Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS