CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-47077
High

A vulnerability in the hackney library allows for unbounded accumulation of HTTP/3 responses in memory, potentially leading to resource exhaustion.

CVE-2026-47075
High

The vulnerability related to improper neutralization of CRLF sequences in the hackney library allows HTTP request splitting. Hackney does not percent-encode carriage return ( ) or line feed ( ) characters in the URL query component before constructing the HTTP/1.1 request target.

CVE-2026-47073
High

CVE-2026-47073 in the benoitc hackney library has a resource allocation issue without limits, allowing Flooding attacks. The WebSocket client imposes no upper bound on memory consumption in three code paths, leading to memory exhaustion.

CVE-2026-47072
High

The CRLF Injection vulnerability in the hackney library allows for HTTP Request/Response Splitting. An attacker can inject arbitrary HTTP headers into the outbound WebSocket upgrade request, leading to various threats such as credential spoofing or malicious request forwarding.

CVE-2026-47071
High

Uncontrolled Resource Consumption vulnerability in the benoitc hackney library allows for Flooding attacks. The issue arises because after establishing a SOCKS5 connection, the timeout for the TLS connection is set to infinity by default, potentially leading to the blocking of the connecting process.

CVE-2026-47067
High

A vulnerability in the hackney library allows for flooding the BEAM atom table through unbounded resource allocation. An attacker can supply malicious URLs, leading to a crash of the entire BEAM virtual machine.

CVE-2026-47066
High

CVE-2026-47066 vulnerability in the hackney library causes an infinite loop due to an unreachable exit condition, leading to excessive resource allocation. The Alt-Svc response header parser does not guarantee progress, resulting in the process being pinned at 100% CPU.

CVE-2018-25381
High

Joomla Responsive Portfolio version 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests.

CVE-2018-25380
High

The Joomla Component eXtroForms version 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

CVE-2018-25379
High

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

CVE-2018-25377
High

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling.

CVE-2018-25376
High

Socusoft 3GP Photo Slideshow version 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling.

CVE-2018-25375
High

SocuSoft iPod Photo Slideshow version 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler.

CVE-2018-25374
High

Softneta MedDream PACS Server Premium version 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

CVE-2018-25373
High

SocuSoft DVD Photo Slideshow Professional version 8.07 contains a stack-based buffer overflow vulnerability in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.

CVE-2018-25372
High

MedDream PACS Server Premium version 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

CVE-2018-25371
High

The mooSocial Store plugin version 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality.

CVE-2018-25368
High

Nord VPN version 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

CVE-2018-25366
High

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

CVE-2018-25365
High

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

PreviousPage 249 of 3321Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS