CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A path traversal vulnerability in Vibe-Trading before version 0.1.10 allows an attacker to load a controlled JSON file as an authoritative trading mandate by manipulating the proposal identifier. Combined with the file upload endpoint, an admitted caller can fully control the committed mandate, bypassing ceilings validation.
A DNS rebinding vulnerability in Vibe-Trading before 0.1.10 allows bypassing bearer-token authentication. The attacker exploits the server's trust of TCP peer addresses for loopback clients and missing Host header validation while binding to 0.0.0.0 with credentialed CORS. This leads to remote code execution and credential exfiltration.
An authorization bypass vulnerability in DeepTutor before version 1.4.10 allows low-privilege users to invoke unrestricted MCP tools. The allowed_mcp_tools function returns None instead of a denied result when mcp_tools is omitted from a user's grant.
In OpenZiti through version 2.0.0 (fixed in commit 3027fdf), a privilege escalation vulnerability exists. An authenticated non-admin identity with fine-grained enrollment management permissions can create an enrollment token for any identity, including the default administrator, because the ApplyCreate function in controller/model/enrollment_manager.go only verifies the target identity exists without performing authorization checks binding the caller to the target identity.
A vulnerability in the Microsoft.OpenApi library (OpenAPI.NET SDK) can cause process termination due to stack overflow when parsing an OpenAPI document with a circular schema reference. The issue affects versions from 2.0.0-preview11 to 2.7.5 and 3.5.4, confirmed for both JSON and YAML readers.
Reflected XSS vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier. An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. User interaction (clicking a malicious link) is required.
An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.
A vulnerability in Rancher FleetWorkspace allows an unauthenticated attacker with network access to the in-cluster rancher-webhook service to create workspace-related Kubernetes objects with attacker-chosen identity data. Affected versions are 0.7.0 to 0.7.10, 0.8.0 to 0.8.7, 0.9.0 to 0.9.6, and 0.10.0 to 0.10.7.
In Coolify prior to version 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host.
Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread when the device is configured as a SAML IDP.
A flaw was found in GLib where a state confusion issue in g_dbus_node_info_new_for_xml() when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>, can cause an unsigned integer overflow and out-of-bounds read, leading to a denial of service.
An off-by-one error was found in GLib's g_key_file_get_locale_string_list function in gkeyfile.c when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
A vulnerability in fzf's --listen mode causes a Denial of Service (DoS) due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage, monopolizing the single-threaded HTTP server and blocking all other clients.
An integer overflow vulnerability was discovered in the fzf tool within the FuzzyMatchV2 function. When the input line length is approximately 2,200,000 bytes and the pattern length is 999 bytes, an overflow occurs, leading to invalid slice bounds. The Go runtime detects this and immediately terminates the process with a non-recoverable panic.
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person-in-the-middle attacks. Affects Rancher 2.14.0 before 2.14.3.
The vulnerability allows a DoS attack via malformed HTTP/2 requests to NetScaler ADC and NetScaler Gateway. It occurs when HTTP/2 is enabled in the HTTP profile and associated with a virtual server (LB, CS, VPN) or a service configured on the device.
Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread if the TCP Timestamp is enabled in the TCP Profile and associated with a virtual server (type LB, CS, VPN) or a configured service.
An unauthenticated attacker can read arbitrary files on NetScaler ADC and NetScaler Gateway if access to NSIP, Cluster Management IP, or SNIP with management access is enabled.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows remote memory exhaustion via deeply nested bencoded input. The decoder has no recursion depth limit, causing O(N^2) memory consumption.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows remote memory exhaustion via an uncapped peer-wire message-length prefix. An attacker peer can send a length prefix up to 4 GiB followed by a byte stream, causing uncontrolled growth of the input buffer.

