CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.
The Apache Airflow FTP provider's FTPS connection does not encrypt the data channel. Although the control channel is TLS-protected, data is transmitted in cleartext, allowing a network attacker to intercept file contents and credentials.
A vulnerability in the message flow component of WSO2 API Manager allows an unauthenticated attacker to manipulate WS-Addressing headers. The lack of proper validation of these headers enables redirecting server-initiated requests to arbitrary destinations.
The SALESmanago & Leadoo WordPress plugin before version 3.11.3 does not properly sanitize and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorization on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.
The YMC Filter WordPress plugin before version 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
CVE-2026-50741 bypasses the fix for CVE-2026-34916. Attackers can bypass the security patch by sending a disallowed but valid plugin identifier as type or by using the `ox.setChannelTargeting` XML-RPC API method.
A flaw in Node.js WebCrypto implementation crashes the process when the input of `subtle.encrypt()` is a multiple of 2 GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. An attacker who knows the hash can authenticate and gain full access.
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID.
The Setracker2 Android Companion App versions 3.1.5 and prior encrypts communication between the watch and its backend using static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
Cacti versions 1.2.30 and prior have an SQL injection vulnerability in managers.php due to unsanitized unserialize and implode operations. The lack of integer validation on deserialized array values allows attackers with SNMP agent management permissions to execute arbitrary SQL commands.
The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions in the wolfSSL library have an issue when the key length exceeds the block size, resulting in a MAC that is independent of the input data. When a key is too long, the hashing state is reset, causing the loss of message data.
A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.
The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.
Vulnerability in EVP_DigestVerifyFinal allows forgery of zero-length HMAC tags. In the OpenSSL-compatible HMAC verification path, only the supplied signature length not exceeding the MAC length was checked, allowing zero-length or truncated tags to be accepted. The fix requires the supplied tag length to exactly equal the MAC length and rejects zero-length tags.
The vulnerability allows an out-of-bounds write in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list, potentially leading to a buffer overflow.
The WebSocket backend uses predictable session identifiers because multiple endpoints can connect using the same session identifier. This allows unauthorized users to impersonate others or cause a denial-of-service condition by overwhelming the backend with valid session requests.

