CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-43512
Critical

A vulnerability in the digest authentication mechanism in Apache Tomcat allows for authentication bypass. This affects versions from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, 8.5.0 to 8.5.100, and versions before 7.0.0.

CVE-2026-41293
Critical

The vulnerability related to improper input validation in Apache Tomcat may lead to unauthorized access or data manipulation. It affects versions from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from 9.0.0.M1 to 9.0.117, and from 10.0.0-M1 to 10.0.27.

CVE-2026-34187
Critical

CVE-2026-34187 is a vulnerability related to improper neutralization of special elements used in SQL commands, allowing SQL Injection via graph container parameter. This issue affects Pandora FMS versions from 777 to 800.

CVE-2026-31228
Critical

Adversarial Robustness Toolbox (ART) through version 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for LossFn and Optimizer parameters without any sanitization, allowing an attacker to inject arbitrary Python code.

CVE-2026-31226
Critical

The TinyZero project contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping.

CVE-2026-31220
Critical

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. Low-privileged users can submit Python functions for remote execution on the server, creating a risk of executing dangerous code.

CVE-2026-31217
Critical

The _load_model() function in the neural_magic_training.py script of the optimate project allows arbitrary code execution. A user can supply a directory path via the --model command-line argument, which allows reading and executing the module.py file from that directory without validating its content.

CVE-2026-31216
Critical

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms.

CVE-2026-31215
Critical

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls, allowing unauthenticated remote attackers to delete documents from ElasticSearch indices.

CVE-2026-31214
Critical

The torch-checkpoint-shrink.py script in the ml-engineering project contains an insecure deserialization vulnerability. The use of torch.load() to process PyTorch checkpoint files (.pt) without enabling the weights_only=True parameter allows for the deserialization of arbitrary Python objects.

CVE-2026-30805
Critical

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS from versions 777 through 800.

CVE-2026-8401
Critical

A sandbox escape vulnerability exists in the Profile Backup component of Firefox and Thunderbird. It is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

CVE-2026-8043
Critical

In Ivanti Xtraction before version 2026.2, external control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

CVE-2026-45091
Critical

In enterprise mode of the sealed-env library for Node.js and Java/Spring Boot, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. The JWS payload is base64-encoded JSON, but not encrypted.

CVE-2026-8072
Critical

In the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board, there is insecure generation of credentials. The vulnerability arises because the secret access credentials are not based on a secure cryptographic scheme, but rather on a weak hashing algorithm.

CVE-2026-7428
Critical

Prior to 2025-11-03, users of Terraform or the REST API for Google Cloud AlloyDB for PostgreSQL could create clusters with an insecure default password, which could be exploited by a remote attacker to gain full administrative access to the database.

CVE-2026-41551
Critical

A vulnerability has been identified in ROS# (All versions < V2.2.2) related to path traversal due to improper sanitization of user input. This could allow a remote attacker to access arbitrary files on the device.

CVE-2026-25787
Critical

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page.

CVE-2026-25786
Critical

Affected devices do not properly validate and sanitize PLC/station name rendered on the 'communication' parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page.

CVE-2026-22924
Critical

A vulnerability in SIMATIC CN 4100 (versions prior to V5.0) allows unauthenticated attackers to exhaust resources via unrestricted connections. This can disrupt normal device operations.

PreviousPage 80 of 559Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS