CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
RT is an issue and ticket tracking system that contains an authentication bypass vulnerability in versions 5.0.9 and prior, as well as 6.0.0 through 6.0.2. Under certain LDAP server configurations, an attacker may authenticate as any LDAP-backed RT user without supplying valid credentials.
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability that allows an authenticated user to manipulate data in the RT database.
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to trigger arbitrary state-changing actions in RT on behalf of a logged-in user.
In versions 1.21.2 and prior, the libheif library has a heap-buffer-overflow vulnerability in the SampleAuxInfoReader constructor caused by an incorrect declaration of the number of samples in a HEIF file. During file parsing, the number of samples may exceed the number of available chunks, leading to out-of-bounds read.
Wielokrotne wzmacniacze sygnału TP-Link mają lukę w logice uwierzytelniania, która pozwala nieautoryzowanemu atakującemu z sąsiedniej sieci manipulować parametrem logowania i zresetować hasło administratora z powodu niewystarczającej walidacji.
Backend MLX w Docker Model Runner na macOS wykorzystuje bibliotekę MLX-LM, która bezwarunkowo importuje i wykonuje dowolne pliki Pythona z katalogów modeli poprzez pole model_file w pliku config.json. Brak mechanizmu weryfikacji bezpieczeństwa pozwala na wykonanie złośliwego kodu na hoście Docker jako użytkownik Docker Desktop.
Backend inferencji vllm-metal w Docker Model Runner na macOS bezwarunkowo ustawia trust_remote_code=True podczas ładowania tokenizatorów modeli i działa bez sandboxingu. To powoduje, że transformers.AutoTokenizer.from_pretrained() importuje i wykonuje dowolne pliki Pythona zawarte w każdym modelu pobranym z rejestru OCI, co prowadzi do wykonania dowolnego kodu na hoście Docker jako użytkownik Docker Desktop.
Mantis Bug Tracker (MantisBT) versions 2.11.0 through 2.28.1 contain a Stored XSS vulnerability caused by incorrect escaping of a saved filter's owner. This allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname is set to ON.
Mantis Bug Tracker (MantisBT) versions 2.28.1 and below have a vulnerability that allows an attacker to bypass the script-src directive in the Content Security Policy (CSP) by uploading a malicious attachment to any issue. When the file is downloaded via the file_download.php link, the malicious JavaScript code can be executed.
Mantis Bug Tracker (MantisBT) versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. As a result, an XSS payload could be reflected on every MantisBT page.
Insecure deserialization in the job results processing component in Amazon Braket SDK before version 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results.
Flaga --use-api-socket w Docker CLI omija ograniczenia Enhanced Container Isolation (ECI) w Docker Desktop. Umożliwia to kontenerowi pełny dostęp do gniazda Docker Engine, co może prowadzić do eskalacji uprawnień.
In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows assigning arbitrary groups, including groups with superuser privileges, leading to privilege escalation.
In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential OAuth2 providers, exposing sensitive information.
TypeBot is a chatbot builder tool that contains a critical stored XSS vulnerability in the profile picture upload form in versions 3.15.2 and prior. The application fails to sanitize or restrict SVG/XML uploads, allowing for the execution of malicious JavaScript code.
TypeBot is a chatbot builder tool that in versions 3.15.2 and prior has an incomplete fix for the credential theft issue. Although the getCredentials tRPC endpoint was patched, the bot engine still allows authenticated users to use credentials from any workspace.
An issue was discovered in Ruby 4 before 4.0.5 related to a race condition leading to a use-after-free in the getaddrinfo timeout handler. A remote attacker can crash a Ruby process by delaying DNS responses near the user-specified timeout.
TypeBot is a chatbot builder tool that in versions 3.15.2 and prior contains an SSRF via Open Redirect Bypass. This allows an authenticated user to point a bot block to an attacker-controlled server, leading to access to internal services.
Brak walidacji źródła wejściowego w oknie autoryzacji narzędzi w Kiro CLI przed wersją 1.28.0 umożliwia lokalnemu atakującemu wykonanie dowolnych narzędzi, w tym poleceń powłoki, bez zgody użytkownika, poprzez przygotowanie treści przesyłanej do kiro-cli za pomocą stdin.
A vulnerability in ClipBucket v5.5.2 allows an attacker to execute arbitrary code via the authentication interface, login page endpoint, and HTTP response security headers components.

