CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server by sending a crafted Sec-WebSocket-Key header. A flaw in the HTTP/1 header parser leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution.
SAP NetWeaver Application Server ABAP and ABAP Platform allow an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may lead to acceptance of tampered identity information, resulting in unauthorized access to sensitive user data.
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal.
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption.
Insufficient validation of untrusted input in UI in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Use after free in Navigation in Google Chrome prior to version 149.0.7827.103 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Integer overflow in UI in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Use after free in CameraCapture in Google Chrome on Mac prior to version 149.0.7827.103 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in the Network component of Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Use after free in Printing in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in the Gamepad component of Google Chrome on Windows prior to version 149.0.7827.103 could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
YesWiki is a wiki system written in PHP that prior to version 4.6.6 contained an unsafe execution vulnerability in the Bazar form field calculator (CalcField.php). The flawed implementation of sanitizing user-defined mathematical formulas leads to ReDoS vulnerabilities and allows arbitrary PHP code execution.
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account.
A vulnerability in the Linux kernel related to incorrect length calculations in the extract_kvec_to_sg function has been fixed. These issues could lead to crossing page boundaries and overlapping pointers in the scatterlist.
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie. This exploits unsanitized string concatenation in the token file path construction within the authglinet middleware.
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control.
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware. Attackers can gain admin access by supplying an empty X-Api-Key header value.
Flowise prior to version 3.1.2 lacked route-level authorization for POST /api/v1/node-custom-function, allowing any authenticated user or API key to submit arbitrary JavaScript. When E2B_APIKEY is not configured, this code is executed inside a NodeVM sandbox, which can be escaped.
In versions prior to 3.1.2, FlowiseAI has a mass assignment vulnerability in the assistant update endpoint. This allows authenticated users to modify server-controlled properties, potentially breaking tenant isolation in multi-workspace environments.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison.

