CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-20243
High

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks during ALZ file scanning, leading to an out-of-bounds buffer write.

CVE-2026-20217
High

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks in PESpin files during scanning, potentially leading to an out-of-bounds buffer write.

CVE-2026-20216
High

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This is due to improper handling of temporary resources during file scanning.

CVE-2026-20215
High

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other impacts from memory corruption. This is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write.

CVE-2026-20214
High

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition or other impacts due to memory corruption. The issue stems from improper boundary checks during scanning, leading to an out-of-bounds buffer write.

CVE-2026-20213
High

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other impacts, due to memory corruption. The issue stems from improper boundary checks in PE files, leading to an out-of-bounds buffer write.

CVE-2026-20191
HighEPSS 51%

A vulnerability in Cisco Catalyst Center allows an unauthenticated, remote attacker to read arbitrary files from a restricted container. The issue is due to insufficient validation of user-supplied input.

CVE-2026-13211
Medium

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the 'Service' or 'Admin' role.

CVE-2026-12480
Medium

A vulnerability in Keras versions up to and including 3.13.2 allows arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The issue stems from missing checks of the `dataset.is_virtual` property in `H5IOStore._verify_dataset()` and `file_editor.py` methods. An attacker can craft a malicious `.keras` model or `.h5` weights file with a Virtual Dataset (VDS) referencing external HDF5 files.

CVE-2026-8857
Unknown

A vulnerability in the Wikimedia Foundation Timeline extension affects files scripts/EasyTimeline.Pl and includes/Timeline.Php. The issue impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-8480
Medium

A vulnerability in Stormshield Network Security allows authentication using a revoked client certificate on the captive-admin portal. An attacker possessing such a certificate can gain administrative access.

CVE-2026-58127
CriticalEPSS 51%

The vulnerability in PACSgear MediaWriter 5.2.1 is due to missing authentication in the .NET Remoting TCP service on port 9000. An unauthenticated attacker can remotely read and write arbitrary files on the host filesystem and then exploit missing DLLs to achieve remote code execution as SYSTEM.

CVE-2026-58126
CriticalEPSS 50%

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

CVE-2026-58038
Unknown

Cross-Site Scripting (XSS) vulnerability in the Timeline extension for MediaWiki. The flaw is due to improper input neutralization during web page generation in includes/Timeline.php and scripts/EasyTimeline.pl.

CVE-2026-58037
Unknown

A cross-site scripting (XSS) vulnerability was found in MediaWiki due to improper input neutralization during page generation. It affects multiple files including Language.php and BlockLogFormatter.php, and impacts all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58036
Low

A vulnerability in MediaWiki allows unauthorized actors to access sensitive information through the files ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php.

CVE-2026-58033
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Actions/InfoAction.php file.

CVE-2026-58032
Medium

A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.

CVE-2026-58030
Medium

An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.

CVE-2026-58029
Medium

A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

PreviousPage 35 of 4495Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS