CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Directory Traversal vulnerability in fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), and BaseHttpRequestHandler._post() components.
The openvpn-auth-oauth2 plugin for OpenVPN server has a vulnerability that allows clients not supporting WebAuth/SSO to access the VPN despite being denied by the authentication logic. The issue exists in versions from 1.26.3 to before 1.27.3 when the plugin is deployed in experimental mode.
In ZEBRA, versions prior to 4.4.0 for zebrad and 6.0.0 for zebra-script had an issue with insufficient error handling during sighash computation, which could lead to the acceptance of an invalid hash type. This could create a consensus split between Zebra and zcashd nodes.
In the Linux kernel, a double free of the fcport structure was found in the qla2xxx SCSI driver. The function qla2x00_els_dcmd_sp_free() frees fcport, and a subsequent free attempt after kref_put() causes a bug.
A vulnerability has been identified in the Linux kernel related to improper management of kthread exit paths, leading to a use-after-free issue. The problem was reported during KUnit testing, where crashes occurred due to corrupted RCU callback function pointers.
A vulnerability in the Linux kernel related to MAC comparison in the tcp-md5 protocol has been fixed to prevent timing attacks.
A vulnerability has been identified in the Linux kernel affecting the smb_lazy_parent_lease_break_close() function. The opinfo pointer is accessed after the RCU read unlock, leading to race conditions and potential use-after-free.
A vulnerability has been identified in the Linux kernel within ksmbd, related to a use-after-free error due to immediate freeing of the oplock_info structure. This issue occurs when the pointer is nullified without a grace period delay in RCU, allowing access to already freed memory.
RELATE is a web-based courseware package. Prior to commit 2f68e16, there was a timing attack vulnerability in course/auth.py — check_sign_in_key().
ZEBRA, a Zcash node written in Rust, prior to zebrad version 4.3.1 and zebra-script version 5.0.2, failed to validate a consensus rule regarding hash types for V5 transactions, potentially leading to a consensus split. Additionally, for V4 transactions, an incorrect hash type was used, which could also result in a consensus split.
Nhost, an alternative to Firebase, prior to version 0.49.1 automatically linked an incoming OAuth identity to an existing Nhost account when email addresses matched. The issue was that some provider adapters incorrectly populated the email verification field, potentially leading to unauthorized access.
Beauty Parlour Management System v1.1 was found to have a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
PraisonAI prior to version 4.6.34 has a vulnerability in the MCP server that allows an attacker to write files outside the rules directory. This can lead to arbitrary code execution in the user's context.
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI had a logical flaw that could be bypassed by attackers, leading to SSRF attacks.
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which may allow unauthenticated remote attackers to execute code via a crafted serialized object.
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
A vulnerability has been identified in the Linux kernel that allows for a buffer overflow in the ioam6_fill_trace_data() function. The issue arises from improper storage of the schema length, leading to a bypass of the remaining space check in the trace buffer.
In versions from 1.0.0 to before 1.4.1, the ai-scanner tool has a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
The CROSS implementation includes reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there was a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen.

