CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-61027
High

An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61025
High

An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61023
High

An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61022
High

An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61021
High

An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61020
High

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61019
High

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61018
High

An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2026-54314
High

n8n is a workflow automation platform that prior to version 2.24.0 had an issue with the Compression node allowing attacker-controlled archives to be decompressed without limits on output size. An attacker could send a small compressed archive to a public webhook, causing memory exhaustion and terminating the n8n process.

CVE-2026-54313
High

n8n is an open source workflow automation platform. Prior to version 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation, leading to unintended documents being matched and overwritten with attacker-controlled content.

CVE-2026-54312
High

n8n is a workflow automation platform that prior to version 2.24.0 allowed authenticated users with permissions to create or modify workflows to achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter.

CVE-2026-54311
High

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode.

CVE-2025-62180
High

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

CVE-2026-56815
High

A vulnerability in pwnlift before d7a9544 in a privileged deployment allows an attacker to follow symbolic links in the upload handler in Components/Pages/Home.razor.

CVE-2026-35019
High

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks.

CVE-2026-35018
High

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function.

CVE-2026-56784
High

OpenRemote before version 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs.

CVE-2026-56379
HighEPSS 64%

A command injection vulnerability in ImageMagick before versions 7.1.2-15 and 6.9.13-40 exists in the SVG decoder. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

CVE-2026-56322
High

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions. This allows attackers to enumerate private channels and leak version/config state.

CVE-2026-56275
High

Flowise before 3.1.0 contains a server-side request forgery (SSRF) vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses and access cloud metadata.

PreviousPage 73 of 3338Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS