CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Grav before version 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
In the PKCS#7 decode path of the wolfSSL library, the caller-supplied output buffer size (outputSz) is ignored, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL version 5.9.0 and earlier, and was fixed in release 5.9.1.
Integer underflow in wc_PKCS7_DecryptOri when processing crafted Other Recipient Info, leading to incorrect length handling during decryption.
A vulnerability in the ParseCRL_Extensions function allows bypassing critical CRL extensions, enabling a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where the crafted CRL has a trusted signature during parsing.
The vulnerability concerns issues with certificate policy and RFC 8446 compliance, involving the continued acceptance of SHA-1 and MD5 algorithms in certificate processing.
A broken access control vulnerability in Bitwarden Server before 2026.5.0 allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks.
Vulnerability in the WolfSSL library involves accepting intermediate certificates with CA:TRUE but without the keyCertSign key usage as signing CAs. Previously, temporary CAs added during certificate path building (WOLFSSL_TEMP_CA) were exempt from this check, allowing invalid certificates to be accepted. Now the check applies to temporary CAs as well, except for operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed ones.
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.
A use-after-free vulnerability was found in the gf_filter_pid_inst_swap function of GPAC/MP4Box before version 26.02.0. An attacker can supply a crafted media file to cause a Denial of Service (DoS).
RTKLIB through version 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c. Attackers can exploit this by providing a malicious RINEX file with more than 64 satellites per epoch, leading to heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications such as rnx2rtkp and RTKPOST.
RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
An off-by-one out-of-bounds read vulnerability in RTKLIB through version 2.4.3 in the decode_ssr3 function at src/rtcm3.c:1446 allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields.
MaxKB before version 2.10.0 contains a server-side request forgery (SSRF) vulnerability in tool creation and update endpoints. It allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters.
Kanboard versions up to 1.2.52 have a vulnerability that allows authenticated users to delete other users' 'Remember Me' sessions. The issue arises from a lack of validation of the session ID parameter in the UserViewController::removeSession method.
NewsBlur before version 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notifications by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification.
In K3s before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a path traversal vulnerability exists in the etcd snapshot decompression functionality. ZIP archives containing maliciously named members can be written to arbitrary filesystem locations when an administrator restores the archive as a compressed etcd snapshot.
A vulnerability in File Browser prior to version 2.63.6 allows files with backslash characters in their names to be saved, potentially leading to unauthorized file writes outside the target directory when extracting the archive on Windows systems.
In File Browser before version 2.63.6, the maximum password length is not checked, allowing an arbitrarily long password to be sent to the login API. This causes a spike in CPU and memory usage, leading to container crashes and potentially disrupting the Docker daemon.
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser.

