CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
In OpenStack Swift before version 2.37.2, the proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to redirect container update requests to an attacker-controlled server, enabling server-side request forgery (SSRF).
In Deno prior to 2.8.1, the process.loadEnvFile() function does not honor environment permission restrictions (--deny-env). It allows writing variables from a .env file into the process even when environment access is denied.
In Deno prior to 2.8.1, when a WebSocket connection was opened, only the destination hostname was checked against --deny-net rules, but the IP addresses that hostname resolved to were not re-checked. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing the network restriction entirely.
In Deno prior to version 2.8.1, the fetch() function checked the destination hostname against --deny-net rules but did not re-check the resolved IP addresses. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing network restrictions entirely.
In Deno prior to version 2.8.1, the `node:crypto.checkPrime` and `crypto.checkPrimeSync` functions performed no Miller-Rabin rounds when the `options.checks` parameter was left at its default value of 0. In this mode, the only test applied was trial division by primes up to 17,863, causing composite numbers whose smallest prime factor exceeds that bound to be incorrectly reported as probably prime.
In Deno prior to version 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could pass a numeric alias of an IP address (e.g., the decimal integer 2130706433 or the hex form 0x7f000001, both resolving to 127.0.0.1) and bypass the restriction using the { host, port } options in node:net.connect or node:http.request.
In BYONM mode (nodeModulesDir: "manual") in Deno before version 2.7.12, the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules/<pkg>/ directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk, and the resolver then read that file without consulting the --allow-read allowlist. This let a require("evil-pkg") call return the contents of a file that a direct Deno.readTextFileSync(...) call would have been blocked from reading.
In Deno before version 2.7.10, the escapeShellArg() function in the node:child_process implementation improperly handled cmd.exe special characters on Windows. An attacker controlling part of an argument passed to spawn() or exec() with shell:true could inject additional commands.
In Deno before version 2.7.14, the permission system compared paths at the raw-byte level while the APFS filesystem on macOS treats different Unicode spellings of the same name as the same file. This allows a program to bypass deny rules by using alternative Unicode spellings.
A vulnerability in Caddy server versions 2.4.0 through 2.11.3 arises from a mismatch between the authorization layer and the /config path traversal layer. The authorization layer uses string prefix matching, while the traversal layer parses array indices numerically using strconv.Atoi(), leading to incorrect resolution of configuration objects. The issue is fixed in version 2.11.3.
Caddy versions 2.7.0 through 2.11.3 contain a vulnerability in the FastCGI mechanism that allows an attacker to misidentify a non-PHP file as a script. The issue stems from improper use of case-insensitive search functions when handling paths containing non-ASCII bytes. In environments where an attacker can place content into a file served via FastCGI (uploads, file storage, etc.), this can lead to remote code execution.
In Deno from version 2.0.0 to 2.7.8, a vulnerability in the Node.js tls compatibility layer was found. When autoSelectFamily is enabled and the first address-family attempt fails, the reconnection may not be upgraded to TLS, causing application data to be transmitted in plaintext.
A vulnerability in the configparser module allows injection of unexpected keys and values into configuration files when writing multi-line text values containing carriage return characters ( ). An attacker can control the written value, leading to file content manipulation.
A vulnerability in MuPDF before version 1.27.0-rc1 allows a remote attacker to cause a denial of service (DoS) by supplying a crafted EPUB file with deeply nested HTML elements and inline CSS styles. The issue stems from uncontrolled recursion in the value_from_inheritable_property() function in css-apply.c, which traverses the CSS property inheritance chain without a depth limit, exhausting the process stack and crashing any application using MuPDF for EPUB rendering.
An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
A vulnerability in Adobe Acrobat and Reader allows out-of-bounds memory read, potentially leading to disclosure of sensitive data. An attacker can exploit this flaw to access confidential information, but it requires the victim to open a specially crafted file.
An out-of-bounds read vulnerability in Acrobat Reader that could lead to disclosure of sensitive memory. Exploitation requires user interaction to open a malicious file.
A vulnerability in Acrobat Reader allows an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction by opening a malicious file.
In GNU SASL before version 2.2.4, there is a lack of sanitization of a short challenge in the _gsasl_ntlm_client_step function in the NTLM client, which could result in memory disclosure via a crafted server.

