CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
An out-of-bounds heap read and integer underflow in TCP urgent data handling in libslirp versions before v4.9.2 allows a privileged guest VM attacker to leak sensitive host-process heap memory.
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.
The GV-I/O Box 4E is a smart embedded device that supports communication over Ethernet and RS-485. The DVRSearch service, running by default on port 10001, is vulnerable to a stack overflow that can be exploited by an attacker to execute malicious code.
The GV-I/O Box 4E is a smart embedded device that is vulnerable to stack overflow due to improper handling of UDP messages. An attacker can send a specially crafted message, leading to potential buffer overflow.
The GV-I/O Box 4E is an embedded smart device that is vulnerable to stack overflow due to improper handling of UDP messages. An attacker can send a specially crafted message, potentially leading to unauthorized access or device failure.
A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service.
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.
GV-I/O Box 4E is a smart embedded device that supports communication over Ethernet and RS-485. The DVRSearch service, running by default on this device, is vulnerable to a stack overflow that can be exploited by an attacker to execute malicious code.
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to and including 7.1.3 due to insufficient input sanitization and output escaping.
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'custom_attributes' parameter in all versions up to and including 1.7.2 due to insufficient input sanitization and output escaping.
In a vulnerability in Google go-attestation, the parseEfiSignatureList() function improperly validates indices, allowing attacker-controlled vendor header bytes to be appended to the trusted SHA256 hash list. This could lead to a remote attestation verifier accepting a compromised boot state.
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability from version 4.3.0 to 5.4.4. Users are at risk with direct or indirect usage of the API, especially in NodeJS server applications.
The vulnerability in Anthropic Claude Desktop (versions v1.1348.0 through v1.2278.0) involves missing integrity verification of the Cowork VM root filesystem image. A local attacker with unprivileged access to the macOS user account can modify the rootfs.img image, which will be trusted on subsequent VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories.
A missing cryptographic step in Caliptra Core Firmware leads to an incorrect GCM authentication tag. Using the AES-256-GCM API with empty AAD results in the GHASH accumulator state not being saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext.
Incorrect check of function return value in Caliptra Core Runtime Firmware allows bypass of MCU FW verification during hitless updates.
FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields.
Poweradmin is a web-based DNS administration tool that in versions prior to 4.2.4 and 4.3.3 uses the attacker-controlled `HTTP_HOST` request header to build callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An attacker can exploit this vulnerability to take over the victim's account.
In Snipe-IT versions prior to 8.6.0, a user with users.edit permission can send a PATCH request to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser, e.g., assets.view, assets.create, reports.view, import. The issue is fixed in version 8.6.0.

