CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-54448
Medium

Trivy before version 0.71.0, when scanning Helm chart archives (.tgz), uses a custom tar unpacker that reads each entry with io.ReadAll(tr) without size limit. An attacker can place a malicious .tgz file in the scanned path that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer.

CVE-2026-54040
Medium

A vulnerability in LibreChat prior to 0.8.4-rc1 allows an attacker with a stolen session token to regenerate all 2FA backup codes without requiring any TOTP token or existing backup code. This enables bypassing 2FA login or disabling 2FA entirely.

CVE-2026-54037
Medium

A vulnerability in LibreChat prior to 0.8.4-rc1 allows an authenticated user to bypass rate limiters added for the /fork endpoint by using the /duplicate endpoint, which performs the same expensive database operations but lacks any rate limiter. This can lead to server resource exhaustion.

CVE-2026-54029
Medium

A vulnerability in LibreChat before version 0.8.4-rc1 allows any authenticated user to delete any other user's messages. The delete endpoint lacks a user constraint, enabling an attacker to use their own conversation ID and the victim's message ID to permanently remove messages.

CVE-2026-54027
Medium

Vulnerability in LibreChat before version 0.8.4-rc1 allows an authenticated user to upload files to any agent's tool resources (e.g., context, execute code) without verifying ownership or EDIT permission. The authorization bypass is possible by using the image endpoint instead of the file endpoint.

CVE-2026-54025
Medium

LibreChat prior to version 0.8.4-rc1 has a vulnerability due to missing HTML escaping of double-quote characters in image alt text in Markdown. An attacker can inject malicious HTML code that executes in the victim's browser.

CVE-2026-54024
Medium

A vulnerability in LibreChat before version 0.8.4-rc1 allows an authenticated user to upload arbitrarily large files via the conversation import endpoint, potentially exhausting server disk space and memory. The issue stems from missing file size limits in a separate multer instance for this endpoint and a disabled application-level size check by default.

CVE-2026-9718
Medium

A CWE-617 Reachable Assertion vulnerability allows an authenticated attacker to trigger a denial-of-service (DoS) condition by sending a specially crafted request to a vulnerable network-exposed service. This impacts system availability.

CVE-2026-9651
Medium

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.

CVE-2026-57454
Medium

A vulnerability in Vim versions 9.2.0320 through 9.2.0679 allows an out-of-bounds heap memory read via a crafted undo or swap file. A specially crafted file can store a virtual-text property with offset and length pointing outside the line's property data, causing an out-of-bounds read when Vim restores or displays such a line.

CVE-2026-57453
Medium

In Vim from version 9.1.1784 to 9.2.0678, the bundled zip plugin (autoload/zip.vim) when falling back to PowerShell to browse, read, extract, update or delete entries in a zip archive, builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive.

CVE-2026-57452
Medium

Vim before version 9.2.0671 has a vulnerability when opening files encrypted with VimCrypt~04! or VimCrypt~05! (xchacha20poly1305, requires +sodium feature). If the file body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim.

CVE-2026-57451
Medium

In Vim before version 9.2.0670, a vulnerability was found in the get_text_props() function in src/textprop.c. The function reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow, without checking if the actual data amount is sufficient. A crafted line with a large count but little data causes reading past the end of the line buffer, potentially leading to a crash.

CVE-2026-57438
Medium

Vulnerability in the Nokogiri library (versions prior to 1.19.4) for the Ruby language. During XInclude processing, <xi:include> nodes along with children and namespaces are freed, but if the application previously exposed them to Ruby, Ruby objects point to freed memory, which can lead to invalid reads or writes.

CVE-2026-55892
Medium

In Vim before version 9.2.0662, the dump_prefixes() function in src/spell.c does not check the depth of recursion against the size of stack arrays (prefix[], arridx[], curi[]) when processing prefixes from a .spl file. A crafted .spl file can cause an out-of-bounds write on the stack, corrupting the call frame and crashing the editor.

CVE-2026-54036
Medium

In LibreChat prior to 0.8.4-rc1, an authenticated user (or attacker with a stolen session) can call the GET /api/auth/2fa/enable endpoint, which overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false without requiring any TOTP or backup code verification. This allows an attacker to completely take over a victim's two-factor authentication.

CVE-2026-4522
Medium

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.

CVE-2026-48946
Medium

A vulnerability in the K2 component allows authors to upload PHP files as article attachments. Apache executes these files, enabling remote PHP code execution in the web server context.

CVE-2026-48945
Medium

A vulnerability in the K2 component for Joomla! allows uploading a ZIP/TAR archive containing PHP files to the gallery directory. The system only renames image files, leaving non-image files (including PHP) extracted as-is and accessible via HTTP, enabling remote code execution.

CVE-2026-48944
Medium

A vulnerability in the K2 component for Joomla! allows an Author to copy any file readable by the web user (e.g., configuration.php or /etc/passwd) to the /media/k2/attachments/ directory by manipulating the `attachment[N][existing]` POST field. Lack of source path validation and `..` filtering in `JPath::clean` enables a path traversal attack.

PreviousPage 42 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS