CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.15)

CVE-2026-9372
High

A flaw has been found in ItzCrazyKns Vane up to 1.12.1, affecting unknown code in the file src/app/api/providers/route.ts of the Model Provider API component. Manipulation of the argument baseURL leads to server-side request forgery.

CVE-2026-9368
High

A vulnerability was identified in NousResearch hermes-agent up to version 2026.4.16, impacting the execute_code function in the tools/code_execution_tool.py file of the Environment Variable Handler component. This manipulation leads to a sandbox issue, allowing for remote attack.

CVE-2026-9367
High

A vulnerability was found in NousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63, affecting the function detect_dangerous_command in the file tools/approval.py of the component terminal_tool. This manipulation leads to OS command injection.

CVE-2026-9366
High

A vulnerability was found in NousResearch hermes-agent version 2026.4.23, concerning the function _scan_context_content in the file agent/prompt_builder.py. The manipulation results in injection that can be performed remotely.

CVE-2026-9364
High

A flaw has been found in projectworlds Online Art Gallery Shop 1.0 affecting an unknown function of the file /admin/adminHome.php. Manipulating the argument social_linked can lead to SQL injection.

CVE-2026-9360
High

A security flaw has been discovered in Edimax EW-7438RPn 1.28a in the function formwlencrypt24g located in the file /goform/formwlencrypt24g. Manipulation of the argument key1 results in buffer overflow, allowing for remote attacks.

CVE-2026-9356
High

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0, allowing SQL injection through manipulation of the ID argument in the /admin/patients/manage_history.php file. The attack can be performed remotely.

CVE-2026-9355
High

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0 that allows SQL injection through manipulation of the ID argument in the file /classes/Master.php?f=save_patient_history.

CVE-2026-9353
High

A vulnerability has been detected in NousResearch hermes-agent up to version 2026.4.23, affecting an unknown function in the file agent/skills_guard.py of the Skills Guard Multi-Word Prompt Handler component. Manipulation of the argument THREAT_PATTERNS leads to injection.

CVE-2026-3515
High

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. This leads to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE).

CVE-2026-9350
High

A vulnerability was identified in NousResearch hermes-agent up to version 2026.4.16, affecting the function check_all_command_guards in the file tools/approval.py of the Batch Runner component. Manipulation of this function leads to missing authorization.

CVE-2026-9348
High

A vulnerability was found in Edimax EW-7438RPn up to version 1.31, related to an unknown functionality of the file /goform/mp of the component webs. Manipulation of the argument webs results in stack-based buffer overflow, allowing for remote attack.

CVE-2026-48829
High

W GNU SASL przed wersją 2.2.3 występuje dereferencja wskaźnika NULL w mechanizmie DIGEST-MD5, która dotyczy zarówno klientów, jak i serwerów. Problem ten występuje w pliku lib/digest-md5/getsubopt.c, gdy używany jest znany token bez towarzyszącego znaku =.

CVE-2026-9346
High

A flaw has been found in Edimax EW-7438RPn up to version 1.31, affecting the function formWirelessTbl in the file /goform/formWirelessTbl. Manipulating the submit-url argument can lead to buffer overflow.

CVE-2026-9345
High

A vulnerability was detected in Edimax EW-7438RPn up to version 1.31, affecting the function formWizSurvey in the file /goform/formWizSurvey. Manipulating the arguments ssid/manualssid/ip/mask/gateway results in a buffer overflow.

CVE-2026-9344
High

A vulnerability has been identified in Edimax EW-7438RPn devices up to version 1.31, leading to a stack-based buffer overflow. The issue affects an unknown function in the file /goform/formWpsStart of the webs component, where manipulation of the pinCode/wlan-url argument can lead to an attack.

CVE-2018-25358
High

D-Link DIR601 version 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests.

CVE-2018-25356
High

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code.

CVE-2018-25355
High

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers and executing injected shellcode with application privileges.

CVE-2018-25353
High

Redaxo CMS Mediapool Addon version 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files using obfuscated extensions to evade the blacklist filter.

PreviousPage 257 of 3337Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS