CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs, which can lead to the disclosure of HTML files outside the intended static tree.
In versions 1.0.0-preview.97 through 1.0.0-preview.101, the @microsoft/kiota-http-fetchlibrary incorrectly handles `Authorization` and `Cookie` headers in cross-origin redirects. The default `scrubSensitiveHeaders` function does not remove these headers, allowing them to be forwarded to malicious hosts.
Statamic is a Laravel and Git powered content management system. Prior to versions 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, potentially exposing sensitive information.
A vulnerability in Grafana Tempo allows an authenticated user to execute a TraceQL query with a large exemplars hint value, causing excessive memory allocation and crashing the Tempo instance due to out-of-memory.
A flaw was found in the AWX GitHub webhook integration. The controller stores the statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint.
The WP Go Maps – Most Popular Map Plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 10.1.01. This is due to improper verification of user authorization, allowing unauthenticated attackers to create arbitrary records in the plugin's database tables.
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, the library fetched the content of option values server-side, leading to the possibility of Server-Side Request Forgery attacks and local file disclosure.
Prior to version 1.22.1 of the libheif library, the uncompressed HEIF decoder incorrectly validated explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash.
The Joomla! Component Easy Shop version 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the appropriate parameters to access sensitive files.
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.
The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android fails to properly validate all HTML input, potentially allowing malicious content to be executed in certain situations.
CVE-2026-49231 is an authentication bypass by spoofing vulnerability in the opa plugin. An attacker could relay spoofed identity headers to upstream, potentially allowing them to assume higher privileges.
There is a memory leak in NI grpc-device version 2.17.0 and prior in the BeginSidebandStream function, which may lead to denial of service due to memory exhaustion.
There is an unchecked enum cast vulnerability in NI grpc-device version 2.17.0 and prior in the BeginSidebandStream function. This may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service.
There is an authentication bypass vulnerability in Apache APISIX due to a capture-replay attack. An attacker can exploit certain configurations in hmac-auth to reuse a token indefinitely, bypassing its expiry.
The 'Open Redirect' vulnerability in Apache APISIX allows redirecting users to untrusted sites, potentially leading to phishing and credential theft. This affects versions from 3.0.0 to 3.16.0.
A vulnerability in Apache APISIX related to the use of less trusted sources allows attackers to exploit the wolf-rbac plugin under default configuration, potentially leading to log pollution and violations of IP-based access control rules.
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling.
Cloudflare Quiche is affected by two use-after-free vulnerabilities in the connection ID iterator FFI functions. These functions return a pointer to 'ConnectionId' that is dropped at the end of their scope.
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.

