CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.15)

CVE-2026-41076
High

RT is an issue and ticket tracking system that contains an authentication bypass vulnerability in versions 5.0.9 and prior, as well as 6.0.0 through 6.0.2. Under certain LDAP server configurations, an attacker may authenticate as any LDAP-backed RT user without supplying valid credentials.

CVE-2026-41075
High

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability that allows an authenticated user to manipulate data in the RT database.

CVE-2026-41074
High

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to trigger arbitrary state-changing actions in RT on behalf of a logged-in user.

CVE-2026-41071
High

In versions 1.21.2 and prior, the libheif library has a heap-buffer-overflow vulnerability in the SampleAuxInfoReader constructor caused by an incorrect declaration of the number of samples in a HEIF file. During file parsing, the number of samples may exceed the number of available chunks, leading to out-of-bounds read.

CVE-2026-3294
High

Wielokrotne wzmacniacze sygnału TP-Link mają lukę w logice uwierzytelniania, która pozwala nieautoryzowanemu atakującemu z sąsiedniej sieci manipulować parametrem logowania i zresetować hasło administratora z powodu niewystarczającej walidacji.

CVE-2026-5843
High

Backend MLX w Docker Model Runner na macOS wykorzystuje bibliotekę MLX-LM, która bezwarunkowo importuje i wykonuje dowolne pliki Pythona z katalogów modeli poprzez pole model_file w pliku config.json. Brak mechanizmu weryfikacji bezpieczeństwa pozwala na wykonanie złośliwego kodu na hoście Docker jako użytkownik Docker Desktop.

CVE-2026-5817
High

Backend inferencji vllm-metal w Docker Model Runner na macOS bezwarunkowo ustawia trust_remote_code=True podczas ładowania tokenizatorów modeli i działa bez sandboxingu. To powoduje, że transformers.AutoTokenizer.from_pretrained() importuje i wykonuje dowolne pliki Pythona zawarte w każdym modelu pobranym z rejestru OCI, co prowadzi do wykonania dowolnego kodu na hoście Docker jako użytkownik Docker Desktop.

CVE-2026-40607
High

Mantis Bug Tracker (MantisBT) versions 2.11.0 through 2.28.1 contain a Stored XSS vulnerability caused by incorrect escaping of a saved filter's owner. This allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname is set to ON.

CVE-2026-40597
High

Mantis Bug Tracker (MantisBT) versions 2.28.1 and below have a vulnerability that allows an attacker to bypass the script-src directive in the Content Security Policy (CSP) by uploading a malicious attachment to any issue. When the file is downloaded via the file_download.php link, the malicious JavaScript code can be executed.

CVE-2026-40596
High

Mantis Bug Tracker (MantisBT) versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. As a result, an XSS payload could be reflected on every MantisBT page.

CVE-2026-9291
High

Insecure deserialization in the job results processing component in Amazon Braket SDK before version 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results.

CVE-2026-6406
High

Flaga --use-api-socket w Docker CLI omija ograniczenia Enhanced Container Isolation (ECI) w Docker Desktop. Umożliwia to kontenerowi pełny dostęp do gniazda Docker Engine, co może prowadzić do eskalacji uprawnień.

CVE-2026-40172
High

In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows assigning arbitrary groups, including groups with superuser privileges, leading to privilege escalation.

CVE-2026-40166
High

In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential OAuth2 providers, exposing sensitive information.

CVE-2026-39970
High

TypeBot is a chatbot builder tool that contains a critical stored XSS vulnerability in the profile picture upload form in versions 3.15.2 and prior. The application fails to sanitize or restrict SVG/XML uploads, allowing for the execution of malicious JavaScript code.

CVE-2026-39968
High

TypeBot is a chatbot builder tool that in versions 3.15.2 and prior has an incomplete fix for the credential theft issue. Although the getCredentials tRPC endpoint was patched, the bot engine still allows authenticated users to use credentials from any workspace.

CVE-2026-46727
High

An issue was discovered in Ruby 4 before 4.0.5 related to a race condition leading to a use-after-free in the getaddrinfo timeout handler. A remote attacker can crash a Ruby process by delaying DNS responses near the user-specified timeout.

CVE-2026-39965
High

TypeBot is a chatbot builder tool that in versions 3.15.2 and prior contains an SSRF via Open Redirect Bypass. This allows an authenticated user to point a bot block to an attacker-controlled server, leading to access to internal services.

CVE-2026-9255
High

Brak walidacji źródła wejściowego w oknie autoryzacji narzędzi w Kiro CLI przed wersją 1.28.0 umożliwia lokalnemu atakującemu wykonanie dowolnych narzędzi, w tym poleceń powłoki, bez zgody użytkownika, poprzez przygotowanie treści przesyłanej do kiro-cli za pomocą stdin.

CVE-2026-37470
High

A vulnerability in ClipBucket v5.5.2 allows an attacker to execute arbitrary code via the authentication interface, login page endpoint, and HTTP response security headers components.

PreviousPage 254 of 3324Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS