CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Jenkins Script Security Plugin version 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
OpenColorIO prior to version 2.5.2 contains a vulnerability in FileFormatSpi3D.cpp where sscanf with %s format writes data into 64-byte stack buffers. Input comes from a 4096-byte lineBuffer, allowing a crafted .spi3d file to overflow by approximately 4000 bytes on non-Windows systems.
A vulnerability in ProFTPD up to versions 1.3.9b and 1.3.10rc2 allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit unresolved symlink components in dir_canonical_path() to cause dir_check() to perform lexical path comparisons that match no configured Directory block, enabling rename operations on files in DenyAll-protected directories and subsequent retrieval.
A vulnerability in Google Gemini CLI and run-gemini-cli GitHub Action allows an unprivileged attacker to execute host-level code before sandboxing via a maliciously crafted .gemini/.env file. The issue affects CLI versions before 0.39.1 and Action versions before 0.1.22 on headless CI platforms.
An SQL injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes in n8n before version 2.4.0 allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity.
Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter.
Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged.
Capgo before version 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive organization management API endpoints do not validate 2FA completion on the backend, allowing an authenticated Admin user without 2FA to bypass the requirement.
Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record_build_time with a public API key.
Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to configured receivers.
Capgo versions before 12.128.2 fail to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via the x-limited-key-id header in the middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys.
Capgo before 12.128.2 contains a BOLA (broken object level authorization) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. An attacker can exploit the controlled app_id to authorize requests, allowing them to start or cancel build jobs of other tenants.
Capgo before version 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization.
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to and including 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string.
Picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
Picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load() is called.
A vulnerability in the Linux kernel's pskb_carve_inside_header() and pskb_carve_inside_nonlinear() functions copies skb_shared_info without incrementing the reference count for MSG_ZEROCOPY. This causes a use-after-free condition that can be exploited for privilege escalation.
CVE-2026-10745 describes an improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows, allowing log injection, tampering, and forging.
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs that allow attackers with appropriate permissions to create malicious posts and leak password reset links.
CVE-2026-56052 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in FunnelKit Funnel Builder.

