CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A flaw was found in GLib where a buffer over-read occurs in the g_regex_replace function when using the G_REGEX_RAW compile flag and case-change replacement escapes. The string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This can lead to minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
A flaw was found in GLib where an out-of-bounds read of 2 bytes occurs in the g_date_time_get_ymd function in glib/gdatetime.c when processing an invalid GDateTime object created by g_date_time_add_full. This can corrupt date output and cause logic errors.
An off-by-one error was found in GLib in the gvs_tuple_is_normal function within glib/gvariant-serialiser.c. The bounds check uses > instead of >=, causing an out-of-bounds read of one byte during alignment padding checks. This flaw can lead to minor information disclosure of one byte and denial of service if the read crosses a page boundary.
A flaw was found in Keycloak where a user with `manage-clients` permission can inject a hardcoded role mapper into any client. This bypasses scope restrictions and adds the `realm-admin` role to tokens, leading to privilege escalation and full administrative access to the realm.
A vulnerability in Keycloak's Admin UI allows administrators with limited permissions to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an admin who can only search for users can use the 'brute-force-user' endpoint to access full user profiles, including sensitive information and security metadata. The issue is due to missing permission checks for the 'view' right on this specific search path.
A flaw in the Identity Provider (IdP) mapper component of Keycloak allows an administrator with limited permissions to assign high-level administrative roles (e.g., realm-admin) to themselves or others by creating a 'Hardcoded Role' mapper. This bypasses security checks and grants full control over the entire realm.
The vulnerability in the Net::BitTorrent library for Perl (versions up to 2.0.1) generates the 160-bit Diffie-Hellman private key for the MSE handshake using a non-cryptographic PRNG (rand()). Since random padding is sent in cleartext from the same generator, a passive observer can recover the PRNG state, then the private key and RC4 keys, allowing decryption of the connection.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows writing files outside the download directory via path traversal in peer-supplied metadata. An attacker can exploit the ut_metadata extension (BEP09) to supply file names containing ".." sequences that are not properly validated.
Redeight CMS version 1.0 stores user passwords using the MD5 algorithm without a salt. MD5 is a cryptographically broken algorithm and the lack of salting allows attackers to easily reverse the hashes using rainbow tables.
A Cross-site Scripting (XSS) vulnerability was found in Apache ActiveMQ and its Web Console. The browse page renders a message ID without sanitization, allowing an authenticated producer to send a crafted JMS message ID containing HTML/JavaScript. When an administrator browses the queue, the payload executes in their browser.
A flaw has been found in Foreman where HTTP parameters can be modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS, GCP, or Azure environments.
Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. An attacker can execute JavaScript code or inject a dynamic iframe into the victim's browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'.
An HTML injection vulnerability has been discovered in Intermark IT's WebControl CMS v3.5. An attacker can send an email containing malicious HTML code to a victim via the contact form. Exploitation requires sending a request with the 'nombreApellidos', 'dirección', and 'comentarios' parameters to '/processContact.do'.
A use-after-free vulnerability was found in the SSSD (System Security Services Daemon) PAM component responsible for YubiKey authentication. The flaw is caused by improper memory pointer handling, which can lead to a crash. A local attacker could exploit this by manipulating smartcard or YubiKey contents.
Nokia MantaRay is affected by an Improper Access Control vulnerability due to insufficient authorization in the API. An authenticated attacker can retrieve confidential information beyond their assigned privileges.
The decode-uri-component library through version 0.4.1 is vulnerable to denial of service (DoS). The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.
The Fluent Booking WordPress plugin before version 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint. Users with at least the Calendar Manager role can retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
Multiple laser printers and MFPs implementing Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An attacker can exploit this flaw to execute arbitrary scripts in the browser of a user accessing Web Image Monitor.
The Kali Forms WordPress plugin before 2.4.13 does not sanitize a form field's caption before outputting it as a column header on the admin form-entries screen. Users with Contributor-level access or above can inject JavaScript that executes in an administrator's session. A missing capability check in the post-duplication action allows the Contributor to publish the malicious form so an administrator renders it.
The Plugin for Google Analytics by IO technologies for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page (ga.php), allowing unauthenticated attackers to update the plugin's stored Google Analytics tracking ID option (io-ga-id) via a forged request, provided they can trick a site administrator into clicking a link.

