CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An integer overflow vulnerability was found in the dsp_mmap_single() function during validation of memory mapping requests. A large offset and length can cause the sum to wrap around, bypassing the check and allowing mapping beyond the audio buffer into unrelated kernel memory.
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before version 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription. This allows any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference (IDOR).
HCL Traveler for Microsoft Outlook (HTMO) is vulnerable due to the use of deprecated .NET Framework 4.5, which no longer receives security updates. This may expose the application to publicly known security weaknesses through vulnerable third-party components.
A vulnerability in H.View IP cameras allows authenticated users to upload arbitrary files to fixed filesystem locations without validating file type, structure, or size. This can place unexpected or malformed data in trusted certificate storage areas, affecting system integrity even after reboot.
A vulnerability in H.View IP cameras allows an authenticated user to inject unsanitized XML data into the certificate generation interface. This data is incorporated into a backend certificate creation command without proper validation, potentially leading to code execution with elevated privileges.
The DMP-5000 file service exposes authenticated arbitrary file upload without validation. No file extension filtering or content inspection is enforced, allowing executable binaries and scripts to be accepted and written directly to the server.
DMP-5000 devices are shipped with a default administrative web account that has weak authentication controls and is not required to be changed during initial setup or operation. Using these accounts provides full system access.
A vulnerability in the BasicAuth component of Kestra OSS before version 1.3.24 allows an attacker with read access to the PostgreSQL database to recover the administrator password offline due to SHA-512's high computation speed. In Kubernetes deployments, this enables privilege escalation to read the cluster ServiceAccount token and all K8s Secrets.
In Kestra before versions 1.0.45 and 1.3.23, the local internal-storage backend improperly validates user-supplied paths, allowing an attacker to smuggle a traversal sequence using backslashes (..\..\..\) before conversion to forward slashes. An authenticated user with the lowest privilege can read any file on the server filesystem, including the H2 database, stored secrets, and credentials.
In Kestra before versions 1.0.43 and 1.3.19, several API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard only inspects the literal URI.toString(), so a URL-encoded .. written as %2E%2E slips through. The downstream code then calls URI.getPath(), which decodes %2E%2E back to .., and the resulting path is handed to Paths.get(...) without normalization. The OS resolves the .. segments at open(2) time, so an authenticated user with a single execution can read any file the Kestra process has access to on the host filesystem (/etc/passwd, mounted secrets, other tenants' execution outputs, etc.).
A vulnerability in Technitium DNS Server version 14.3 and earlier allows a remote attacker to cause a denial of service (DoS) via the DnsServerApp.exe, DnsServerApp.dll, and TechnitiumLibrary.Net/Dns/DnsClient.cs components.
Budibase before version 3.39.9 is vulnerable to SSRF via DNS rebinding. Authenticated users with automation permissions can bypass the IP blacklist because hostname validation before the request is not pinned to the actual connection.
Budibase prior to version 3.39.9 has a vulnerability in the webhook trigger endpoint, which is publicly accessible and passes the full HTTP request body into automation execution parameters. An attacker can overwrite the internal appId property, allowing automation execution in the victim's context and granting full read/write access to the victim's database.
Notepad++ version 8.9.6.1 has a vulnerability where the isInTrustedDirectory() function does not canonicalize the path before checking. It uses a prefix-based check that can be bypassed with a path containing ..\..\ after a trusted directory prefix, resolving to an untrusted location. This issue is fixed in version 8.9.6.2.
Budibase prior to 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials from a workspace datasource. The route is protected only by recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access.
A vulnerability in Budibase before 3.39.0 allows an attacker to permanently link a victim's account to an external chat identity (Slack/Discord/MS Teams) without user consent. The public endpoint lacks authentication and CSRF protection, and the attack requires tricking an authenticated user into visiting a crafted URL.
Notepad++ prior to version 8.9.6.1 contains a vulnerability due to missing validation of the <Command> tag content in shortcuts.xml. An attacker can inject arbitrary commands that execute when the user clicks the corresponding entry in the Run menu.
Notepad++ prior to version 8.9.6.1 has a vulnerability due to missing validation of the <GUIConfig name="commandLineInterpreter"> tag in config.xml. An attacker can modify this file to execute arbitrary commands with user privileges when the console is opened via File → Open Containing Folder → cmd.
Notepad++ versions 8.9.4 through 8.9.6 contain a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without an absolute path after setting the working directory to the contextMenu directory. If an attacker places a malicious powershell.exe in a user-writable installation directory and a privileged user runs the installer selecting that directory, the attacker-controlled executable runs with elevated privileges.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

