CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
pypdf is a free and open-source pure-python PDF library. Prior to version 6.13.0, an attacker could exploit this vulnerability to craft a PDF that leads to an infinite loop when extracting text in layout mode.
pypdf is a free and open-source pure-python PDF library. Prior to version 6.12.2, an attacker could craft a PDF that leads to large memory usage by extracting text from a page containing a form XObject with self-references.
The Net::IMAP library in Ruby has a vulnerability that allows arbitrary IMAP command injection due to improper validation of arguments in the #id and #enable methods. This issue affects versions prior to 0.6.5 and 0.5.15.
The Net::IMAP library in Ruby has a vulnerability that allows arbitrary IMAP command injection if the server does not support non-synchronizing literals. Versions prior to 0.6.5 and 0.5.15 are susceptible to an attack that may lead to unauthorized command execution.
A vulnerability in Jupyter Server before version 2.20 allows stored XSS via malicious HTML in notebook display_data output. Missing sandbox directive in Content-Security-Policy for nbconvert endpoints enables script execution under Jupyter origin, leading to session hijacking and remote code execution.
The Authlib library before versions 1.6.10 and 1.7.1 contains an unauthenticated open redirect vulnerability in the OAuth 2.0 authorization endpoint. By sending a request with an unsupported response_type and an attacker-controlled redirect_uri, an HTTP 302 response redirecting to an arbitrary URL can be obtained.
Gophish through version 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function processes Office documents as ZIP archives, allowing a zip bomb payload to be exploited.
A vulnerability in Dell Wyse Management Suite (WMS) prior to version 2605 involves the use of default credentials. It allows an attacker with high privileges and local access to disclose sensitive information.
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component. An attacker can send crafted requests to the web server, causing overload.
LangChain prior to version 1.3.9 contains a vulnerability where several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include file-search middleware, configuration loaders, and path-prefix authorization checks that can allow access to files outside the configured root via glob patterns, symlinks, or path segment boundary bypass.
A vulnerability in @astrojs/netlify prior to version 7.0.13 allows for improper matching of image patterns, potentially leading to unauthorized access to resources. Patterns using wildcards can match more paths and hosts than intended.
In versions prior to 6.4.6 of the Astro framework, the spreadAttributes function in the server-side rendering pipeline did not sanitize object keys against injection, allowing attackers to add arbitrary HTML attributes, including event handlers.
The Hono framework prior to version 4.12.25 has a vulnerability in the Body Limit middleware, which trusts the request's Content-Length header to determine if the body is within the allowed limit. On AWS Lambda, a client can declare a smaller Content-Length while sending a larger body, allowing them to bypass the limit.
The Advanced Linux Sound Architecture (ALSA) library before version 1.2.16.1 contains a double-free vulnerability in the parse_def() function, allowing attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. The issue occurs when parsing nested configuration blocks, where return values are not checked, leading to snd_config_delete() being called twice on the same already-freed node.
Hono is a web application framework that prior to version 4.12.25 on AWS Lambda@Edge had an issue with repeated request headers. The adapter wrote header values using Headers.set, causing earlier values to be overwritten, and only the last one reached the application.
Hono is a web application framework that supports any JavaScript runtime. Prior to version 4.12.25, on AWS Lambda, ALB single-header responses and VPC Lattice v2 responses join multiple Set-Cookie headers into one comma-separated value, leading to issues with proper processing by clients.
In Hono framework before version 4.12.25 on Windows hosts, an encoded backslash (%5C) in the request path decodes to a separator, allowing an attacker to read static files protected by prefix-mounted middleware.
In versions prior to 2.8.0 of the opentelemetry-js library, the W3CBaggagePropagator.extract() method in @opentelemetry/core does not enforce size limits when parsing HTTP headers. The W3C Baggage specification recommends a maximum size of 8,192 bytes and 180 entries, which was not enforced for incoming headers.
In AIOHTTP before version 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. The attack requires an open redirect vulnerability on the target domain, and the attacker only receives the digest, allowing credential extraction only if cryptography is weak or passwords are reused.
Versions of protobufjs from 8.2.0 to 8.4.2 lacked options to discard unknown fields during decoding, which could lead to excessive memory usage by decoded messages. Version 8.5.0 introduced options to disable unknown field retention, and version 8.6.2 defaults to discarding unknown fields.

