CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
A vulnerability in Azure Synapse allows execution with unnecessary privileges. An authorized attacker can remotely elevate privileges over a network.
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Kestra is an event-driven orchestration platform that, prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, had an issue with the `inputFiles` task. This allowed file names to be written directly in the task working directory, potentially leading to overwriting files outside of that directory.
A vulnerability in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to redirect users to an untrusted external site (open redirect), potentially leading to privilege escalation over a network.
Versions of Authelia from 4.38.0 to 4.39.19 have an issue with case sensitivity in usernames during Basic Auth authentication. As a result, different case variations can lead to the creation of separate ban buckets for the same user.
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
A vulnerability in Microsoft Copilot allows an unauthorized attacker to perform command injection over a network. The issue stems from improper neutralization of special elements used in a command.
A Cross-Site Scripting (XSS) vulnerability in Microsoft Entra ID allows an authorized attacker to perform spoofing attacks over a network. The flaw is caused by improper neutralization of input during web page generation.
In the Mercator application prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in the CVE configuration panel. The `testProvider()` method in `ConfigurationController` does not validate user input, allowing authenticated users with the right permissions to force arbitrary outbound network requests.
Mercator is a web application that, prior to version 2025.05.19, had a vulnerability in the query engine allowing authenticated users, including those with limited access roles, to execute queries on models beyond their intended scope. Additionally, the `password` column, although marked as `$hidden`, could be used in `LIKE` conditions in filters.
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs, which can lead to the disclosure of HTML files outside the intended static tree.
In version 2.9.1 of the gin-vue-admin platform, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code, leading to the execution of arbitrary operating system commands on the server.
In versions 3.0.0 to 3.0.8, the `run_sql_readonly` tool in ProxySQL violates the read-only contract for MySQL targets, allowing the execution of data-modifying commands. A caller can submit a read-only first statement followed by a second statement that has side effects, such as `RENAME TABLE`.
ProxySQL, a proxy for MySQL and PostgreSQL, has a pre-authentication heap memory corruption vulnerability in versions 2.0.18 through 3.0.8. A remote unauthenticated client can declare an oversized first packet length, potentially leading to exploitation of this vulnerability.
ProxySQL in versions 2.0.0 through 3.0.8 incorrectly accepts a malformed PROXY protocol header, allowing attackers to spoof source addresses. This leads to a bypass of routing and access control rules, enabling attackers to manipulate queries as if they were trusted users.
In the `radvdump` utility shipped with radvd prior to version 2.21, there is a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the `print_ff()` function copies up to 2032 bytes of attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. The main `radvd` daemon is not affected by this vulnerability.
DevGuard prior to version 1.4.2 allows unauthorized modifications of VEX rules by authenticated users, including those from other organizations, on public assets. Users can create, update, reapply, and delete VEX rules and other related vulnerability events.
Version 2.6.3 of the urllib3 library is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises from three independent code paths that bypass the `max_length` protection, allowing a malicious HTTP server to trigger an out-of-memory (OOM) condition.
In gonic, a music streaming server, prior to version 0.21.0, there is a logic error in the `ServeCreateOrUpdatePlaylist` function that allows any authenticated Subsonic user (including non-admins) to write M3U playlist content to an attacker-controlled absolute filesystem path on the gonic host.
Gonic, a music streaming server, has a vulnerability that allows authenticated Subsonic users to bypass playlist ownership checks. Users can read and delete other users' playlists and probe arbitrary file paths on the server.

