CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components.
In versions prior to 0.185.0, Daytona allowed organization role updates and deletions without verifying if the role belonged to the specified organization. An authenticated user owning any organization could modify permissions or delete a role belonging to another organization using that role's identifier.
In versions from 0.101.0 to 0.184.0, sandboxes switched from public to private could remain accessible without authentication for a short period after the change, due to a cached visibility state that was not invalidated.
In versions prior to 0.184.0, users could accept or decline organization invitations even if their email address was not verified. Daytona's authentication system did not require email verification for these actions, creating a risk of unauthorized access.
Crawl4AI prior to version 0.8.9 contains an SSRF vulnerability that allows an unauthenticated attacker to bypass the destination URL check and route traffic through a proxy to internal IP addresses. The attacker can exploit this flaw to access internal services and cloud metadata endpoints while providing a valid crawl URL.
Crawl4AI before version 0.8.8 has an SSRF vulnerability in the Docker API server that allows an attacker to bypass the CIDR blocklist and access internal services and cloud metadata endpoints (e.g., 169.254.169.254) by encoding an IPv4 address in an IPv6 transition form or using the IPv6 unspecified address. Since the Docker API is unauthenticated by default, no credentials are required for the attack.
Home Assistant prior to version 2026.5.3 has a vulnerability in the LocationSensorManager component where the BroadcastReceiver is exported without required permissions. Any installed app, even without runtime permissions, can send a forged Google Play Services LocationResult that is trusted and forwarded to the Home Assistant server as the device's real location.
In Home Assistant before version 2026.6.0, the Konnected integration exposes an HTTP endpoint where GET requests require no authentication, contrary to the code comment. Write requests (POST/PUT) are token-protected, but read requests (GET) are completely unprotected.
Open WebUI is an artificial intelligence platform that prior to version 0.9.6 had a vulnerability in the validate_url function in SafePlaywrightURLLoader, allowing SSRF attacks. The URL validation was only performed on the initial URL, enabling attackers to bypass protections using HTTP redirects.
In Open WebUI prior to version 0.9.6, an SVG XSS vulnerability was found in model profile images. An authenticated user with the default workspace.models permission can store malicious code in a model's profile image, leading to full account takeover of anyone who views the image.
Open WebUI prior to version 0.9.6 allows users to store arbitrary meta.knowledge entries in models without checking file permissions. This enables malicious model owners to access private files of other users.
Open WebUI prior to version 0.9.6 renders Mermaid blocks from Markdown files in the file preview panel, allowing for the injection of malicious JavaScript code into the DOM. Due to the securityLevel: 'loose' setting, attacker-controlled content can be rendered unsafely.
Open WebUI is an artificial intelligence platform that, prior to version 0.9.6, allowed authenticated users to attach arbitrary file_id values to their chat messages without verifying ownership. This enables attackers to access victim files by sharing the chat.
In Open WebUI prior to version 0.9.6, a vulnerability allows an attacker with a valid OAuth identity to submit a public URL that redirects to an internal address. This enables the attacker to read the internal response from their own profile_image_url field.
Caddy before version 2.11.4 has a vulnerability in the forward_auth copy_headers mechanism that allows a remote client to bypass identity header deletion and inject its own headers into PHP/FastCGI applications. This occurs because Caddy normalizes HTTP headers into CGI variables by replacing hyphens with underscores, enabling the attacker to use an underscore alias.
Caddy before version 2.11.4 on Windows incorrectly handles path separators in path matchers, allowing bypass of access controls to protected directories. An unauthenticated remote attacker can access protected resources.
In Deno prior to version 2.8.1, the `node:crypto.checkPrime` and `crypto.checkPrimeSync` functions performed no Miller-Rabin rounds when the `options.checks` parameter was left at its default value of 0. In this mode, the only test applied was trial division by primes up to 17,863, causing composite numbers whose smallest prime factor exceeds that bound to be incorrectly reported as probably prime.
In Deno before version 2.7.10, the escapeShellArg() function in the node:child_process implementation improperly handled cmd.exe special characters on Windows. An attacker controlling part of an argument passed to spawn() or exec() with shell:true could inject additional commands.
In Deno before version 2.7.14, the permission system compared paths at the raw-byte level while the APFS filesystem on macOS treats different Unicode spellings of the same name as the same file. This allows a program to bypass deny rules by using alternative Unicode spellings.
Caddy versions 2.7.0 through 2.11.3 contain a vulnerability in the FastCGI mechanism that allows an attacker to misidentify a non-PHP file as a script. The issue stems from improper use of case-insensitive search functions when handling paths containing non-ASCII bytes. In environments where an attacker can place content into a file served via FastCGI (uploads, file storage, etc.), this can lead to remote code execution.

