CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.
A vulnerability was found in EmpowerID up to version 7.205.0.0 related to the Multi-Factor Authentication Code Handler, leading to information disclosure. The attack complexity is high and exploitation is known to be difficult.
A vulnerability was found in mooSocial mooTravel version 3.1.8, classified as problematic. The manipulation leads to cross site scripting.
A vulnerability has been found in mooSocial mooStore version 3.1.6, leading to cross site scripting attacks. An attacker can remotely manipulate an unknown functionality of the application.
A vulnerability was found in mooSocial mooStore version 3.1.6 that allows cross site scripting (XSS) attacks through manipulation of the argument q in the /search/index file.
A vulnerability was found in DedeBIZ 6.2.10, rated as problematic. It affects some unknown functionality of the Article Handler component and leads to cross site scripting attacks.
A vulnerability was found in Media Browser Emby Server 4.7.13.0, leading to cross site scripting attacks. The issue affects some unknown processing of the file /web/ and may be exploited remotely.
In versions prior to 1.0.1, matrix-appservice-irc allowed crafting an event that could leak part of a message from another bridged room. This required knowing the event ID to target.
A missing Brute-Force protection in CODESYS Development System prior to version 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
A vulnerability was found in Cute Http File Server 2.0, classified as problematic. It affects an unknown part of the search component and leads to cross site scripting attacks.
A vulnerability has been found in PHP Jabbers Availability Booking Calendar version 5.0, allowing cross site scripting attacks through manipulation of the session_id argument in the /index.php file.
The BluetensQ app version 4.3.15 for Bluetens Electrostimulation Device is vulnerable to Man-in-the-Middle attacks over BLE. Attackers can hijack BLE communication to decrease or increase stimulator intensity.
CVE-2023-4016 allows a user with access to run the 'ps' utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
Discourse is an open source discussion platform, where prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in versions 3.0.6 and 3.1.0.beta7.
A vulnerability has been found in Mingsoft MCMS up to version 5.3.1 that allows cross site scripting attacks through manipulation of the 'style' argument in the search.do file. The attack can be initiated remotely.
A vulnerability was found in SourceCodester Jewelry Store System 1.0, rated as problematic. It affects some unknown functionality of the file add_customer.php, leading to cross-site scripting attacks.
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 that allows cross-site scripting (XSS) attacks by manipulating the First Name/Last Name/Username arguments in the /admin/?page=user/list file.
In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane allows high-privileged users to create Packages referencing arbitrarily large images. This could lead to exhausting available memory and result in the container being OOMKilled.

