CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The vulnerability allows bypassing X.509 trust-chain validation in the wolfSSL_X509_verify_cert() function of the wolfSSL library. It only affects builds with --enable-opensslextra (OPENSSL_EXTRA) and applications that call X509_verify_cert() with caller-supplied untrusted intermediate certificates. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate.
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret.
The AVX2-optimized ML-KEM implementation in wolfSSL compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts differing solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security.
A use-after-free vulnerability was found in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC/MP4Box before version 26.02.0. Attackers can cause a Denial of Service (DoS) by supplying a crafted MPEG-2 TS file.
In CANBoat through version 6.22 (fixed in commit a5a22b7), an off-by-one global buffer overflow vulnerability exists in the searchForPgn() function in analyzer/pgn.c. Attackers can send a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP, causing an out-of-bounds array access and application crash.
NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration.
libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.
Huly Platform through version 0.7.423 contains an authenticated server-side request forgery (SSRF) vulnerability in the /import endpoint that allows workspace users to make arbitrary server requests.
A vulnerability in Seahub before version 13.0.23 allows unauthenticated users to bypass the SHARE_LINK_LOGIN_REQUIRED enforcement via a GET request to /api/v2.1/share-link-zip-task/. Attackers with a folder share-link token can obtain a fileserver zip token and download entire shared directory trees.
Maxun before version 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens.
Hydra up to version 9.7 contains a stack buffer overflow vulnerability in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing buffer overflow and enabling remote code execution.
In File Browser before version 2.63.16, an authenticated user with only Create permission can delete files outside their scope (including other tenants' data and the application's database) by exploiting the cleanup path after a failed upload. The ScopedFs.RemoveAll method bypasses symlink protections, and the direct upload handler calls it on a user-controlled path.
File Browser before version 2.63.6 contains a vulnerability where a low-privileged authenticated user with create and delete permissions in their own isolated scope can permanently destroy share-link records belonging to other users, including the administrator. This is done by performing a legitimate DELETE operation on a file whose logical path is a byte-prefix of another user's stored share.Link.Path.
File Browser prior to version 2.63.7 allowed creating public shares for any path without verifying the existence of the file. When a file was created at that same location, the share became immediately active, leading to unauthorized access to files.
File Browser prior to version 2.63.14 does not prevent HTTP file handlers from following symbolic links, allowing users to cross their intended scope boundaries.
File Browser before version 2.63.6 contains a vulnerability due to incorrect path handling in public shares. An attacker who knows the URL of a public directory share can bypass rules blocking access to files and subdirectories located under the shared directory. The issue arises because the system rebases the filesystem root to the shared directory and then evaluates paths relative to it, instead of relative to the owner's original scope.
File Browser before version 2.33.8 allows bypassing the command allowlist using shell metacharacters. The allowlist only validates the first token of user input, but the entire raw string is passed to the shell, allowing arbitrary commands to be executed after a permitted one.
Glances is a system monitoring tool that, from versions 4.0.8 to 4.5.5, has a vulnerability in the secure_popen() function. This function interprets redirection, pipe, and command chaining operators without validation, allowing unauthorized actions on the system.
A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.
In Glances before version 4.5.5, a vulnerability exists in the XML-RPC server. When the CORS origin list (cors_origins) contains more than one entry, the implementation incorrectly sets the Access-Control-Allow-Origin header to *, allowing access from any origin. A malicious web page can thus read the full system monitoring dataset without the victim's knowledge.

