CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-54094
High

File Browser prior to version 2.63.14 does not prevent HTTP file handlers from following symbolic links, allowing users to cross their intended scope boundaries.

CVE-2026-54091
High

File Browser before version 2.63.6 contains a vulnerability due to incorrect path handling in public shares. An attacker who knows the URL of a public directory share can bypass rules blocking access to files and subdirectories located under the shared directory. The issue arises because the system rebases the filesystem root to the shared directory and then evaluates paths relative to it, instead of relative to the owner's original scope.

CVE-2026-54090
High

File Browser before version 2.33.8 allows bypassing the command allowlist using shell metacharacters. The allowlist only validates the first token of user input, but the entire raw string is passed to the shell, allowing arbitrary commands to be executed after a permitted one.

CVE-2026-53925
High

Glances is a system monitoring tool that, from versions 4.0.8 to 4.5.5, has a vulnerability in the secure_popen() function. This function interprets redirection, pipe, and command chaining operators without validation, allowing unauthorized actions on the system.

CVE-2026-4930
High

A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.

CVE-2026-46608
High

In Glances before version 4.5.5, a vulnerability exists in the XML-RPC server. When the CORS origin list (cors_origins) contains more than one entry, the implementation incorrectly sets the Access-Control-Allow-Origin header to *, allowing access from any origin. A malicious web page can thus read the full system monitoring dataset without the victim's knowledge.

CVE-2026-46607
High

Glances is a system monitoring tool that prior to version 4.5.5 used pickle.load() to read a version-check cache file. The lack of integrity checks and format validation before deserialization allows an attacker with access to this file to plant a malicious pickle file, leading to arbitrary code execution.

CVE-2026-46606
High

Glances is a system monitoring tool that prior to version 4.5.5 had a vulnerability in the KVM/QEMU monitoring engine. VM domain names were passed into command templates without proper sanitization, allowing users with the ability to create or rename virtual machines to execute arbitrary commands.

CVE-2026-12921
High

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

CVE-2026-12897
High

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.

CVE-2026-55967
High

A vulnerability in AES-GCM implementation allows counter wrap and keystream reuse when processing extremely large single messages (>64 GiB) via streaming APIs, leading to plaintext recovery.

CVE-2026-55961
High

Vulnerability in wolfSSL library affects PKCS7_verify() function, which incorrectly returned success for degenerate PKCS#7 objects containing only certificates, without a signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content.

CVE-2026-55700
High

The pnpm package manager from version 11.3.0 to 11.5.3 has a vulnerability where the `pnpm stage download` command derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file.

CVE-2026-55698
High

pnpm package manager prior to versions 10.34.2 and 11.5.3 persists bootstrap metadata in the first YAML document of pnpm-lock.yaml. A malicious repository can bypass fresh package-manager resolution and cause pnpm to install and execute arbitrary code during automatic version switching.

CVE-2026-55697
High

pnpm prior to versions 10.34.2 and 11.5.3 allows installation of configDependencies declared in pnpm-workspace.yaml before command dispatch. A repository can declare pacquet or @pnpm/pacquet as a config dependency, and pnpm treats this repository-controlled dependency as an install-engine opt-in. During installation, pnpm resolves a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawns it as the developer or CI user.

CVE-2026-55487
High

In pnpm prior to versions 10.34.2 and 11.5.3, the generic peer-suffix normalizer incorrectly stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could authorize a different attacker-controlled source whose locator normalized to the same value.

CVE-2026-50016
High

pnpm before versions 10.34.0 and 11.4.0 allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm uses that alias as a filesystem path when linking dependency nodes, enabling an attacker to replace paths in the current project with symlinks to attacker-controlled directories.

CVE-2026-50015
High

A vulnerability in pnpm package manager prior to versions 10.34.0 and 11.4.0 allows an attacker to write or delete arbitrary files on the filesystem during pnpm install. The issue stems from missing path validation in .patch files, enabling the use of ../ sequences to escape the package directory.

CVE-2026-49839
High

In jq prior to 1.8.2, using `--rawfile` with an attacker-controlled file can cause a heap out-of-bounds write in builds without assertions. The bug is due to the loop not stopping after a 'String too long' error, leading to operations on an invalid object.

CVE-2026-48995
High

A vulnerability in pnpm package manager prior to versions 10.33.4 and 11.0.7 allows a malicious codeload.github.com server to serve arbitrary tarballs, which pnpm will install regardless of the lockfile. The lockfile does not store hashes for dependencies from this server, enabling package substitution.

PreviousPage 52 of 3341Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS