CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
In libexpat before version 2.8.2, there is an integer overflow in the xmlwf function that can occur when processing NOTATION declarations in endDoctypeDecl.
In libexpat before version 2.8.2, there is an integer overflow in the resolveSystemId function, which may lead to unexpected application behavior.
In libexpat before version 2.8.2, there is an integer overflow for the output filename when the -d outputDir option is used.
libexpat before version 2.8.2 has an integer overflow in the copyString function.
In libexpat before version 2.8.2, there is an integer overflow in the doProlog function related to storeEntityValue and entity textLen.
In libexpat before version 2.8.2, there is an integer overflow in XML_ParseBuffer due to a lack of a check that was present in XML_Parse.
libexpat before version 2.8.2 has an integer overflow in the getAttributeId function.
libexpat before 2.8.2 has an integer overflow in addBinding.
libexpat before 2.8.2 has an integer overflow in storeAtts.
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript.
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields.
Craft CMS version 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access.
Craft CMS versions 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization. An authenticated administrator can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions.
Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. This vulnerability allows low-privileged authenticated users to bypass view authorization for assets.
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset.
Craft CMS contains a stored XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account to inject arbitrary JavaScript.
Craft CMS versions from 5.5.0 to 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method. This allows an authenticated admin user to inject Yii2 event handlers, leading to the execution of arbitrary PHP code and disclosure of sensitive information.
Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other users view or edit permissions.
A vulnerability in ImageMagick before version 7.1.2-15 (and 6.x before 6.9.13-40) causes a heap out-of-bounds read in the DecodeImage loop of the PCD coder. A specially crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, leading to denial of service and potential disclosure of an adjacent heap byte.

