CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK due to insufficient checking of function return values. An attacker could use a crafted USB device or smart card to present specially crafted APDU responses, leading to work with uninitialized variables.
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK due to insufficient control of the response APDU buffer and its length during card communication. An attacker could use a crafted USB device or smart card to present specially crafted APDU responses.
In OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK, there is a missing initialization of variables that are expected to be initialized before being used as arguments to other functions. This can lead to unpredictable behavior or potential security issues.
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the 'name' parameter of the machd_reader.c component.
A NullPointerException was discovered in ThreeTen Backport v1.6.8 in the org.threeten.bp.LocalDate::compareTo(ChronoLocalDate) component. However, multiple third parties dispute the validity of this finding, suggesting it may be based on an insufficiently robust vulnerability identification tool.
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier in the 'user_id' parameter after login. It allows a remote attacker to execute arbitrary database queries.
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier, allowing a remote attacker to execute arbitrary SQL scripts via the ID parameter after login.
A SQL injection vulnerability was discovered in Gila CMS version 1.15.4 and earlier. It allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after login.
Vim prior to version 9.0.2121 has a heap-use-after-free vulnerability that can occur when executing the `:s` command for the first time using a sub-replace-special atom. This may lead to unsafe memory access and potential crashes of the Vim editor.
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer.
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT, which may lead to a crash, although this does not happen in all situations.
Vim is an open source command line text editor that may cause an overflow when parsing relative ex addresses. The issue occurs in the existing overflow check when the line number becomes negative. The impact is low, user interaction is required.
Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given, which may lead to a crash, although this does not happen in all situations.
Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. This issue has been addressed in release version 9.0.2108.
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled with the cpo-settings including the 'n' flag. This issue leads to application crashes.
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure.
In versions of sudo-rs prior to 0.2.1, an issue was discovered where usernames containing '.' and '/' characters could lead to corruption of specific files on the filesystem. A user with such a name could delete a binary file, resulting in its removal from the system.
A vulnerability was found in Dreamer CMS up to version 4.1.3 that allows remote access to files or directories through manipulation of the file /upload/ueditorConfig?action=config. It is classified as problematic with a high complexity of attack.
A vulnerability has been found in TOTVS RM 12.1 that allows cross site scripting attacks through manipulation of the VIEWSTATE argument in the Login.aspx file. The attack can be executed remotely, but its complexity is high.
An issue was discovered in the default implementations of the `VolatileMemory` trait functions in a typical Virtual Machine Monitor (VMM), which may lead to out-of-bounds memory access. This affects users of custom `VolatileMemory` implementations that do not adhere to the `get_slice` documentation.

