CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53128
Medium

In the Linux kernel, the DRBD driver has an RCU call imbalance in drbd_adm_dump_devices(). The function calls rcu_read_unlock() without a preceding rcu_read_lock(), which can lead to incorrect RCU behavior.

CVE-2026-53059
Medium

In the Linux kernel, a vulnerability in the dm log module allows an out-of-bounds write due to a 32-bit unsigned int overflow in region_count when using dm_sector_div_up() which returns 64-bit sector_t. This results in undersized heap buffers and subsequent heap memory corruption.

CVE-2026-50712
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component.

CVE-2026-50711
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

CVE-2026-50710
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

CVE-2026-50709
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

CVE-2026-50708
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

CVE-2026-50705
Medium

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

CVE-2026-50704
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

CVE-2026-50703
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

CVE-2026-50701
Medium

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

CVE-2026-50700
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

CVE-2026-50699
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document, leading to script execution when users open the affected Auto Repeat form.

CVE-2026-50698
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component.

CVE-2026-11878
Medium

OpenText Access Manager versions 5.1 through 5.1.2 are vulnerable to Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. This allows an attacker to inject malicious JavaScript into a victim's browser.

CVE-2026-57307
Medium

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2026-57306
Medium

A CSRF vulnerability in Jenkins Zowe zDevOps Plugin version 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2026-57305
Medium

The Assembla Plugin in Jenkins versions 1.4 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

CVE-2026-57304
Medium

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.

CVE-2026-57302
Medium

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

PreviousPage 60 of 530Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS