CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12049
Medium

Open redirect vulnerability in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honored the user-supplied 'next' parameter without confirming the target points back to pgAdmin, allowing an authenticated user to be redirected to an external attacker-controlled host.

CVE-2026-56077
Medium

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. The lack of agent ID uniqueness enforcement enables sharing ledger instances and exposing system prompts and conversation history between agents.

CVE-2026-56074
Medium

PraisonAI versions before 1.5.128 cache tool approval decisions based only on tool name, not invocation arguments, allowing subsequent execute_command calls to bypass approval prompts.

CVE-2026-49205
Medium

phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController, allowing unauthorized operations on four API endpoints.

CVE-2026-22674
Medium

Hashgraph Guardian up to version 3.6.0 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API.

CVE-2026-45696
Medium

In OpenEXR versions 3.4.0 through 3.4.11, a heap-buffer-overflow READ vulnerability exists in the ht_undo_impl() function of the HTJ2K decoder. The issue arises from missing validation of the OpenJPH line buffer size against the declared EXR channel width, leading to deterministic crashes (DoS) and potential adjacent heap leak.

CVE-2026-44663
Medium

In OpenEXR versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. The multiplication of channel width (int32_t) by bytes_per_element in 32-bit signed arithmetic can overflow, causing an out-of-bounds write. The same pattern appears in two other HTJ2K paths.

CVE-2025-15661
Medium

The vulnerability in libssh2 up to version 1.11.1 (fixed in commit 2dae302) allows an out-of-bounds heap read in the sftp_symlink() function in src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response.

CVE-2026-56099
Medium

A vulnerability in OpenBSD before commit 6a23123 (2026-06-18) in the mpls_do_error function within sys/netmpls/mpls_input.c allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

CVE-2026-48983
Medium

In versions prior to 0.9.2, pam_usb has a symlink race condition in per-device and per-user pad directory creation. A local attacker can exploit this vulnerability by replacing the target path with a symlink to a directory they control.

CVE-2026-48982
Medium

In versions prior to 0.9.2, pam_usb creates a temporary file without the O_EXCL flag when updating a one-time pad file. This can lead to a situation where two concurrent processes updating the same pad may both succeed, resulting in overwriting the pad value.

CVE-2026-48981
Medium

In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE). This can lead to outbound network connections or local file reads at XML parse time from the context of the authenticating process.

CVE-2026-48980
Medium

In versions prior to 0.9.2, the pam_usb module, responsible for hardware authentication on Linux, is vulnerable to environment variable injection. The XRDP_SESSION, DISPLAY, and TMUX variables can be manipulated by a local user, affecting the local and remote session checking logic.

CVE-2026-47847
Medium

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The default environment variables MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD are set to 'monitor' and 'monitor', creating a risk of unauthorized access.

CVE-2026-43915
Medium

In Coturn prior to version 4.11.0, a stored XSS vulnerability was found in the HTTPS web-admin interface. An attacker can create a TURN allocation with a crafted USERNAME value, causing HTML/JavaScript execution when an authenticated admin views the TURN session list.

CVE-2026-9692
Medium

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator uses low-entropy sources, making them predictable.

CVE-2026-55392
Medium

NILFS utilities up to version 2.3.0 have a validation issue with the s_log_block_size field in the NILFS2 superblock in the nilfs_sb_is_valid() function. Attackers can supply crafted NILFS2 images, leading to undefined behavior and crashes of tools like nilfs-tune and dumpseg.

CVE-2026-48937
Medium

A flaw in Node.js HTTP/2 server API allows servers to keep accepting data even after sending a `GOAWAY` frame. This affects **Node.js 22** and **Node.js 24**.

CVE-2026-47833
Medium

CVE-2026-47833 is a privilege escalation vulnerability from container to host via manipulation of the bpm.log file. A compromised process inside a bpm container can force the system to change the owner of any host file, leading to the exposure of passwords from the /etc/shadow file.

CVE-2026-48986
Medium

In pam_usb versions 0.9.1 and earlier, a bug can lead to an infinite loop DoS due to improper initialization of the *ppid variable. In the pusb_local_login() function, the same variable is reused as input and output in a loop, which can cause the authenticating process to hang.

PreviousPage 83 of 513Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS