CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-43999
CriticalEPSS 58%

A vulnerability in vm2 prior to 3.11.0 allows bypassing the NodeVM builtin allowlist when the 'builtin' module is allowed (including via the '*' wildcard). Sandboxed code can use Module._load() to load any module in the host context, leading to remote code execution.

CVE-2026-43997
CriticalEPSS 58%

In the vm2 library for Node.js prior to version 3.11.0, there is a vulnerability that allows obtaining the host object. An attacker can use various methods, e.g., via HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom) and escape the sandbox.

CVE-2026-42557
Critical

A vulnerability in JupyterLab before version 4.5.7 allows arbitrary JupyterLab commands to be executed via a crafted button in an HTML cell. The CommandLinker listens for click events on the entire document and executes commands without verifying the element's origin.

CVE-2026-41225
Critical

A vulnerability exists in iControl REST that allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable running arbitrary commands.

CVE-2020-37168
Critical

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key.

CVE-2026-42062
Critical

ELECOM wireless LAN access point devices contain an OS command injection in processing of the username parameter. If processing a crafted request, an arbitrary OS command may be executed.

CVE-2026-40621
Critical

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

CVE-2026-41050
Critical

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo.

CVE-2026-32661
Critical

A stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). A remote attacker can send a specially crafted request to the product's web service, which may lead to arbitrary code execution if the product is configured to run pop3wallpasswd with grdnwww user privilege.

CVE-2025-11159
Critical

Wszystkie wersje Hitachi Vantara Pentaho Data Integration & Analytics zawierają sterownik JDBC dla baz danych H2, który jest podatny na wykonanie zewnętrznych skryptów podczas tworzenia nowego połączenia przez administratora źródła danych.

CVE-2026-44547
Critical

ChurchCRM is an open-source church management system. In versions 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete, allowing for exploitation of this vulnerability.

CVE-2026-42288
Critical

ChurchCRM is an open-source church management system. In versions prior to 7.3.2, the fix for CVE-2026-39337 is incomplete, allowing for pre-authentication remote code execution via unsanitized DB_PASSWORD.

CVE-2026-41901
Critical

Thymeleaf, a Java template engine, has a security bypass vulnerability prior to version 3.1.5.RELEASE that allows for the execution of dangerous expressions. If an application developer passes unsanitized variables containing such expressions to the template engine, these expressions can be executed in sandboxed contexts, leading to Server-Side Template Injection (SSTI).

CVE-2026-44262
Critical

Scramble generates API documentation for Laravel projects. From versions 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, supplied data may be evaluated during documentation generation, leading to execution of arbitrary PHP code in the application context.

CVE-2026-44258
Critical

In versions prior to 4.08.010, the elfinder_checkRisk function in efw4.X does not validate the dst parameter used by elfinder_paste, allowing an attacker to copy or move files from the home directory to any arbitrary location by setting dst to a base64-encoded traversal path.

CVE-2026-44257
Critical

In efw4.X prior to version 4.08.010, the efw.file.FileManager.unZip method did not check the canonical path when writing zip entries to disk, allowing for directory traversal. An attacker could exploit this vulnerability to drop a malicious JSP file and execute arbitrary commands as the Tomcat user.

CVE-2026-43948
Critical

In wger prior to version 2.6, there is a vulnerability that allows a user with gym.manage_gym permissions to reset the password of any user with no gym assignment. By exploiting an object comparison error, an attacker can take over the victim's account, and the victim's original password is invalidated.

CVE-2026-42854
Critical

In versions prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP header field. Sending a boundary string longer than ~8000 characters overflows the stack and may lead to remote code execution.

CVE-2026-42196
Critical

django-s3file prior to version 7.0.2 is vulnerable to relative path traversal attacks, allowing an attacker to escape pre-signed upload locations and load files from random locations into request.FILES. This may lead to confidentiality and integrity issues.

CVE-2026-45185
Critical

Exim versions before 4.99.3, in certain GnuTLS configurations, has a use-after-free vulnerability in the BDAT body parsing path. This can lead to heap corruption when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.

PreviousPage 77 of 558Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS