CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
CVE-2025-8106 has been rejected or withdrawn by its CVE Numbering Authority.
A buffer overflow vulnerability in the gf_media_import function of GPAC/MP4Box before version 26.02.0 allows an attacker to cause a Denial of Service (DoS) by supplying a crafted input file.
A use-after-free vulnerability was found in the GPAC/MP4Box library before version 26.02.0 in the gf_filter_pid_inst_swap_delete_task function within filter_pid.c. An attacker can exploit this by supplying a crafted media file to cause a denial of service (DoS).
In ATEN Unizon, the updateWar method has an improper implementation of cryptographic signature verification. An authenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM.
A directory traversal vulnerability in the ImportDeviceList method of ATEN Unizon allows remote code execution. The issue stems from improper validation of a user-supplied path before using it in file operations. Authentication is required for exploitation.
A directory traversal vulnerability in the restoreDB method of ATEN Unizon allows remote code execution. The flaw is due to improper validation of a user-supplied path before using it in file operations. Authentication is required, but the attacker can execute code in the context of SYSTEM.
A Directory Traversal vulnerability in the writeFileToHttpServletResponse method in ATEN Unizon allows remote attackers to disclose sensitive information without authentication. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
A vulnerability in the uploadSSL method of ATEN Unizon allows remote authenticated attackers to delete arbitrary files. The issue stems from missing validation of a user-supplied path before using it in file operations.
The vulnerability in the updateLicense method of ATEN Unizon software allows a remote authenticated attacker to delete arbitrary files on the system. The issue stems from the lack of proper validation of a user-supplied path before using it in file operations.
The vulnerability allows remote code execution in Unraid via command injection in ToggleState.php. Authentication is required, and the issue stems from missing validation of user input before using it in a system call.
A vulnerability in the Unraid web server allows remote code execution via command injection in FileUpload.php. The flaw stems from insufficient validation of user-supplied data before use in a system call. Authentication is required, and an attacker can execute code as the www-data user.
In Rocket.Chat versions prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint endpoint requires authentication but does not perform authorization checks. Any authenticated user could deregister the workspace from Rocket.Chat Cloud, leading to data loss and requiring manual re-registration.
Vulnerability in Rocket.Chat's Apple Sign-In handler lacks JWT claims validation. An attacker who obtains a target user's Apple identity token (from server logs, intercepted sign-in flow, or another app sharing the same Apple developer team) can replay it to authenticate as that user with no expiration.
In Rocket.Chat prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in loginHandler.ts, handleIdentityToken parses a JWT from Apple during OAuth. If the JWT lacks an email, the app accepts an arbitrary email from the request, enabling account takeover.
SiYuan is an open-source personal knowledge management system that prior to version 3.7.0 did not escape untrusted fields (name, version, author, description) when serialized into the data-obj HTML attribute of each marketplace card. As a result, a package containing a single quote could inject arbitrary HTML, escalating from DOM XSS to arbitrary OS command execution.
Appsmith before version 2.1 has a vulnerability due to insufficient IP address filtering in HTTP requests. The host blocking mechanism relies on an exact-match denylist rather than comprehensive address checks (e.g., loopback), allowing an authenticated user to send requests to loopback services inside the container.
In Appsmith before version 2.1, the bundled Caddy reverse-proxy exposes an unauthenticated admin API on port 2019 inside the container. A low-privileged authenticated user can exploit an SSRF vulnerability to send a POST /load request to this API, fully replacing the live Caddy configuration and taking over the reverse proxy.
SiYuan is an open-source personal knowledge management system. Prior to version 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements, allowing an attacker to include a malicious <iframe> in a Bazaar package README that executes arbitrary commands on the victim's machine.
A vulnerability in SiYuan before version 3.7.0 allows JavaScript injection via a crafted cell value in the attribute-view (database) renderer. An attacker with write access to a synced workspace can plant malicious content that executes arbitrary JavaScript when the victim opens the block-attribute panel. On Electron desktop with nodeIntegration enabled, this XSS can escalate to remote code execution (RCE) via require('child_process').
A vulnerability in SiYuan before version 3.7.0 allows JavaScript execution in the administrator's context by rendering a Bazaar package README. The flaw stems from an incomplete allowlist of event attributes in the lute sanitizer engine, which passes modern event handlers (e.g., onpointerover, onpointerdown) through.

