CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-28699
High

A vulnerability in Gitea up to version 1.26.1 allows bypassing OAuth2 access token scope enforcement via HTTP Basic authentication.

CVE-2026-27771
High · EPSS 98%

A vulnerability in Gitea up to version 1.26.1 is caused by insufficient permission checks for Composer package source links. This can expose private or internal package source information.

CVE-2026-26231
High

A vulnerability in Gitea up to version 1.26.1 allows users with read-only access to a repository to authorize commits via the 'Allow edits from maintainers' permission path. This bypasses intended write restrictions.

CVE-2026-22555
High

A vulnerability in Gitea before version 1.26.0 allows API users to fork a repository into an organization without passing the CanCreateOrgRepo check, potentially exposing organization secrets.

CVE-2026-20779
High

A vulnerability in Gitea versions 1.5.0 through 1.26.2 allows a valid TOTP code to be reused multiple times in two-factor authentication flows via web and Basic Auth with the X-Gitea-OTP header.
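
The defect above is a missing replay check: a TOTP code is valid for its whole time step, so unless the server remembers which step it has already accepted, the same code works again until the step rolls over. The following is an added example (not Gitea's code) of a verifier that records the highest consumed step per user and refuses it on every path; the secret is the RFC 6238 test key and the single-object `last_used_step` stands in for a persisted, atomically updated per-user column, both assumptions of this example.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


class TotpVerifier:
    """TOTP (RFC 6238) verifier that remembers the highest time step already used.

    `last_used_step` stands in for per-user state a real service would persist and
    update atomically, so that every login path (web form, Basic Auth header, API)
    consults the same record. Accepting only steps above it closes the replay window.
    """

    def __init__(self, secret: bytes, period: int = 30, skew: int = 1, digits: int = 6):
        self.secret = secret
        self.period = period
        self.skew = skew            # tolerated clock drift, in steps either side of "now"
        self.digits = digits
        self.last_used_step = -1    # nothing consumed yet

    def verify(self, code: str, now: int, replay_protect: bool = True) -> bool:
        current = now // self.period
        for step in range(current - self.skew, current + self.skew + 1):
            if replay_protect and step <= self.last_used_step:
                continue  # this step, or an older one, was already consumed
            if hmac.compare_digest(hotp(self.secret, step, self.digits), code):
                self.last_used_step = max(self.last_used_step, step)
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 Appendix B test key; at T=59 (step 1) the 6-digit SHA-1 code is 287082.
    v = TotpVerifier(b"12345678901234567890")
    print(v.verify("287082", 59))   # first use: accepted
    print(v.verify("287082", 59))   # same code, same step: rejected
    print(int(time.time()) // 30)   # current step, for comparison with a real authenticator
```

Setting `replay_protect=False` reproduces the reusable-code behaviour the entry describes; with it on, a second presentation of the same code within the step is refused, as is any code for an older step.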

CVE-2026-12481
High

A vulnerability in Keras version 3.14.0 allows arbitrary code execution due to improper deserialization handling in the `Lambda` layer. The `_raise_for_lambda_deserialization()` function fails to enforce safe-mode when `safe_mode` is `None` (default), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized.

CVE-2026-14606
High

A stack-based buffer overflow vulnerability was discovered in RT-Thread up to version 5.0.2 in the CAN_Receive function within the SWM341.h file of the SWM341 CAN Handler component. A local attacker can trigger the overflow by manipulating the function's input. A public exploit is available.

CVE-2026-14605
High

A vulnerability was found in RT-Thread up to version 5.0.2 in the recvmsg function of the ls1c_can.h file within the ls1c CAN Handler component. This issue leads to a stack-based buffer overflow, potentially allowing a local attacker to execute code or crash the system. The exploit is publicly available, and the vendor did not respond to the disclosure.

CVE-2026-58379
High

A heap buffer overflow vulnerability was found in GIMP's Paint Shop Pro (PSP) file format parser. The flaw occurs due to incorrect buffer size calculations when processing low bit-depth images, allowing a remote attacker to execute arbitrary code or cause a denial of service (DoS) by tricking a user into opening a specially crafted PSP file.

CVE-2026-53478
High

Dell PowerProtect Data Domain in multiple versions contains an OS command injection vulnerability. A high-privileged attacker with remote access could exploit this flaw to execute arbitrary commands.

CVE-2026-49815
High

Dell PowerProtect Data Domain in multiple versions contains an OS command injection vulnerability. A high-privileged attacker with remote access could exploit this flaw to execute arbitrary OS commands.

CVE-2026-49814
High

Dell PowerProtect Data Domain in multiple versions contains an OS command injection vulnerability. A high-privileged attacker with remote access could exploit this flaw to execute arbitrary commands.

CVE-2026-14460
High

Missing authorization in TUBITAK BILGEM's pardus-software allows argument injection. The vulnerability affects versions 1.0.4 and earlier, fixed in version 1.0.5.

CVE-2026-14459
High

An argument injection vulnerability in TUBITAK BILGEM's pardus-software allows attackers to inject additional arguments into commands. The issue affects versions up to and including 1.0.4 and is fixed in version 1.0.5.
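
Argument injection differs from shell injection: even with no shell involved, a user-supplied value that begins with `-` is read as an option by the program that receives it. The example below is added here and is not pardus-software's code; the page does not say which command it runs, so `apt-get install` is an assumed target and the package-name grammar is an approximation. It shows the two independent controls a caller should apply and a small getopt-style parser that makes visible what the called program would see.

```python
import re
from typing import List, Tuple

# Assumed target: a package installer invoked with an argv list (no shell).
PACKAGE_NAME = re.compile(r"^[a-z0-9][a-z0-9+.-]*$")  # Debian package-name grammar, approximately


def build_install_argv_vulnerable(package: str) -> List[str]:
    """No shell means no metacharacter injection, but a value beginning with '-' is still
    parsed as an option by the receiving program."""
    return ["apt-get", "install", "-y", package]


def build_install_argv_hardened(package: str) -> List[str]:
    """Two independent controls: a strict allow-list on the value, and the getopt '--'
    end-of-options marker so that even a leading '-' would be treated as an operand.
    Whether a given tool honours '--' must be checked against its documentation; the
    allow-list is the primary control."""
    if not PACKAGE_NAME.match(package):
        raise ValueError(f"rejected package name: {package!r}")
    return ["apt-get", "install", "-y", "--", package]


def parse_like_getopt(args: List[str]) -> Tuple[List[str], List[str]]:
    """Minimal model of POSIX getopt: tokens starting with '-' are options until a bare
    '--', after which every token is an operand. Used only to show what the callee sees."""
    options, operands = [], []
    it = iter(args)
    for tok in it:
        if tok == "--":
            operands.extend(it)
            break
        (options if tok.startswith("-") else operands).append(tok)
    return options, operands


if __name__ == "__main__":
    hostile = "--allow-unauthenticated"   # constructed input; arrives where a package name is expected
    print(parse_like_getopt(build_install_argv_vulnerable(hostile)[1:]))
    try:
        build_install_argv_hardened(hostile)
    except ValueError as e:
        print("rejected:", e)
    print(parse_like_getopt(build_install_argv_hardened("vim")[1:]))
```

In the vulnerable form the injected token lands in the options list next to the caller's own `-y`; in the hardened form it never reaches argv, and if a value did slip past the allow-list the `--` marker would still keep it out of option parsing in tools that follow the getopt convention.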

CVE-2026-13341
High

A vulnerability in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0 allows a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

CVE-2026-10055
High

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller.

CVE-2026-10054
High

In Eclipse Theia versions 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket without service-level authentication. WebSocket origin validation is fail-open, allowing an attacker to execute arbitrary OS commands via terminal takeover.
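
Two points in the entry above are worth separating: the Origin check only stops a cross-site browser page from opening the socket, and it must fail closed, because a missing or malformed header is exactly what a non-browser client or a deliberately odd request presents. The code below is an added example, not Theia's; the allowed origin, the `X-Session-Token` header name and the flat `headers` dict are assumptions of the example. It shows the fail-open shape beside a fail-closed one and a handshake that additionally requires per-session authentication.

```python
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Assumed deployment: the IDE front end is served from exactly this origin.
ALLOWED_ORIGINS = {"https://ide.example.test"}


def origin_allowed_fail_open(origin: Optional[str], allowed=ALLOWED_ORIGINS) -> bool:
    """Vulnerable shape: a connection is refused only when an Origin is present, parseable
    and not on the list. Anything the check cannot evaluate is let through."""
    if origin is None:
        return True
    try:
        parts = urlsplit(origin)
    except ValueError:          # e.g. an unbalanced IPv6 bracket
        return True
    return f"{parts.scheme}://{parts.netloc}" in allowed


def origin_allowed_fail_closed(origin: Optional[str], allowed=ALLOWED_ORIGINS) -> bool:
    """Hardened: every path that is not a positive match returns False."""
    if not origin:
        return False
    try:
        parts = urlsplit(origin)
    except ValueError:
        return False
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return False            # also rejects the literal "null" origin
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}" in allowed


def accept_upgrade(headers: dict, expected_token: str) -> bool:
    """Handshake decision for a privileged WebSocket service (e.g. a terminal). The Origin
    check defends against cross-site pages; the per-session token is what actually
    authenticates the caller, and it is compared in constant time."""
    if not origin_allowed_fail_closed(headers.get("Origin")):
        return False
    token = headers.get("X-Session-Token", "")
    return hmac.compare_digest(token, expected_token)


if __name__ == "__main__":
    # Constructed handshakes: a legitimate one, one with no Origin, one from another site.
    for hdrs in (
        {"Origin": "https://ide.example.test", "X-Session-Token": "s3cret"},
        {"X-Session-Token": "s3cret"},
        {"Origin": "https://attacker.example", "X-Session-Token": "s3cret"},
    ):
        print(hdrs.get("Origin"), origin_allowed_fail_open(hdrs.get("Origin")),
              accept_upgrade(hdrs, "s3cret"))
```

The second constructed handshake is the instructive one: with no Origin header the fail-open check says yes while the fail-closed check says no, and even a correct Origin is not enough on its own once a token is required.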

CVE-2026-47896
High

A Path Traversal vulnerability in the Apache Lucene.Net.Replicator library allows unrestricted file reading outside the restricted directory. Affected versions are from 4.8.0-beta00005 through 4.8.0-beta00017.

CVE-2026-9148
High

The Comments – wpDiscuz plugin for WordPress up to version 7.6.56 is vulnerable to Stored Cross-Site Scripting. This is due to insufficient output escaping in the getCommentAuthor() function, which interpolates the stored comment_author_url value directly into single-quoted HTML attributes without applying esc_url() or esc_attr(). Unauthenticated attackers can inject arbitrary web scripts that execute whenever a user accesses an injected page.
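
The entry above names the two missing controls: a URL sanitizer (`esc_url()`) and attribute escaping (`esc_attr()`), with the value landing inside a single-quoted attribute, so one `'` in the stored URL ends the attribute and starts a new one. The following added example is not the plugin's code and is written in Python rather than PHP; `sanitize_url` is a loose analogue of `esc_url()`, not its implementation, and the payloads are constructed. It renders the vulnerable and the hardened author link side by side.

```python
import html
from urllib.parse import urlsplit

SAFE_SCHEMES = ("http", "https", "mailto")


def sanitize_url(url: str) -> str:
    """Loose analogue of WordPress esc_url(): drop control characters, then accept only
    http(s)/mailto or scheme-less URLs and return '' for anything else (javascript:,
    data:, vbscript:, ...). An approximation for this example, not the WordPress code."""
    url = "".join(ch for ch in url.strip() if ch.isprintable())
    scheme = urlsplit(url).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return ""
    return url


def author_link_vulnerable(author: str, author_url: str) -> str:
    """The flaw described above: the stored URL is interpolated into a single-quoted
    attribute untouched, so a single quote in the value closes the attribute."""
    return f"<a href='{author_url}'>{html.escape(author)}</a>"


def author_link_hardened(author: str, author_url: str) -> str:
    """Scheme allow-list first, then attribute escaping; html.escape() quotes both ' and ",
    so the value cannot break out of the attribute whichever quote style is used."""
    url = sanitize_url(author_url)
    if not url:
        return html.escape(author)  # no usable URL: render a plain name, not an empty link
    return f'<a href="{html.escape(url)}" rel="nofollow ugc">{html.escape(author)}</a>'


if __name__ == "__main__":
    # Constructed payloads of the two kinds the sanitizer and the escaper each handle.
    for url in ("' onmouseover='alert(1)", "javascript:alert(1)", "https://example.test/"):
        print(author_link_vulnerable("bob", url))
        print(author_link_hardened("bob", url))
```

The first payload defeats only escaping (it has no scheme to reject), the second only the scheme allow-list (it is perfectly valid attribute text), which is why both controls are needed rather than either alone.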

CVE-2026-47897
High

A Path Traversal vulnerability in the Lucene.Net.Replicator library allows unauthorized access to files outside the restricted directory. The issue affects versions from 4.8.0-beta00005 up to 4.8.0-beta00017.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS