CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
A flaw in OpenSSH allows a local unprivileged attacker to hijack forwarded X11 connections. The attack pre-binds the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input.
A heap out-of-bounds read flaw was found in OpenSSH during cleanup of GSSAPI indicators when a trailing NULL is missing in the auth-indicators array. A remote attacker, under specific configurations with GSSAPI authentication and a Kerberos environment, could exploit this to crash the SSH authentication path, causing a denial of service (DoS).
A double free vulnerability was found in OpenSSH in the Diffie-Hellman Group Exchange (DH-GEX) client path during FIPS mode known-group validation. A malicious SSH server can exploit this by sending crafted DH-GEX group parameters, causing client process termination and Denial of Service (DoS).
A vulnerability has been found in FAST/TOOLS and CI Server that allows the web server to return CI Server setting information. This information could be exploited by an attacker for other attacks.
vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, an incomplete fix for CVE-2026-22778 allows memory addresses to leak in error messages, potentially exposing memory information in responses to clients.
vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, temperature validation used comparison operators that incorrectly handled NaN and positive Infinity, leading to undefined behavior or CUDA errors.
vLLM is an inference and serving engine for large language models. Prior to version 0.23.1rc0, the /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output, which could lead to excessive resource consumption.
vLLM, an inference and serving engine for large language models, is vulnerable to a dependency confusion attack in versions prior to 0.22.1. An attacker can register the flashinfer-jit-cache package on PyPI, allowing arbitrary code execution as root during the Docker build.
vLLM, an inference and serving engine for large language models, has a vulnerability due to integer truncation of tensor dimensions, leading to partial tensor processing. As a result, the unfilled portion of the output tensor may contain data from GPU memory, leading to information disclosure.
A vulnerability in the vLLM inference engine (versions 0.3.0 through 0.21.x) allows bypassing OpenAI API authentication by exploiting ASGI web servers' trust in starlette. An attacker can use the API without providing the configured VLLM_API_KEY or --api-key.
vLLM is an inference and serving engine for large language models. In versions prior to 0.22.0, revision pinning controls do not consistently apply to all artifacts loaded for a model, potentially leading to the loading of unverified components.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function. These paths pass the script-protocol check but resolve to a cross-origin URL against the current page protocol.
n8n versions before 1.123.15 and 2.5.0 contain a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events.
n8n versions before 2.20.0 contain a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts.
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads. Attackers can use path-normalization techniques to redirect users to attacker-controlled sites.
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter.
Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary app_id parameters to disclose internal rollout channels.
Capgo (backend of Supabase edge functions) before version 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes. This allows unauthenticated requests to reach the handler instead of being rejected at the middleware layer.
Capgo before 12.128.12 fails to filter deleted app versions when joining channels during updates resolution, allowing deleted bundles to remain selectable.

