CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-25865
High

Punto Switcher through version 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code. They exploit the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll.

CVE-2026-12390
High

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

CVE-2026-56020
High

The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user.

CVE-2026-55237
High

AutoGPT, a workflow automation platform, has an XSS vulnerability in versions prior to 0.6.62 on the signup page. The application improperly trusts a URL parameter (`next`), allowing an attacker to execute malicious JavaScript in the victim's browser.

CVE-2026-55204
High

HAProxy through version 3.4.0 contains a null pointer dereference vulnerability in the hpack_dht_insert() function in src/hpack-tbl.c. The flaw is due to missing validation of the return value from hpack_dht_defrag() when the memory pool is exhausted, which can crash HAProxy worker processes.

CVE-2026-55203
High

HAProxy through version 3.4.0 contains an integer overflow vulnerability in the fcgi_conn structure's drl field. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect FCGI frame processing. Malicious FastCGI backends can exploit this to desynchronize the frame parser, leading to request routing errors, response smuggling, or memory safety issues.

CVE-2026-54104
High

The EPDS and EDS systems do not verify client-provided values for the 'epds_role_id' parameter, allowing a remote, authenticated attacker to escalate their own privileges.

CVE-2026-38718
High

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

CVE-2025-53114
High

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients may cause the unacknowledged message queue to grow indefinitely, leading to an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue.

CVE-2025-32437
High

AutoGPT prior to version 0.6.63 has an issue with disk space management as `MediaDurationBlock` downloads and stores video in a temporary directory without deleting it after processing. `StepThroughItemsBlock` allows for multiple iterations of `MediaDurationBlock`, which can lead to disk space exhaustion.

CVE-2025-32436
High

AutoGPT prior to version 0.6.63 has an issue with disk space management as it does not delete video and audio files from the temporary directory. Additionally, the `StepThroughItemsBlock` does not limit the number of iterations, which can lead to disk space exhaustion.

CVE-2025-32424
High

AutoGPT is a workflow automation platform that prior to version 0.6.63 had an issue with the ScreenshotWebPageBlock storing screenshots in a temporary directory. The StepThroughItemsBlock did not limit the number of iterations, which could lead to disk space exhaustion and a DoS attack.

CVE-2025-32422
High

In AutoGPT prior to version 0.6.63, the `StepThroughItemsBlock` allowed iterating through all list items and downloading them via `FileStoreBlock`, which could lead to disk space exhaustion.

CVE-2025-32392
High

AutoGPT is a workflow automation platform that prior to version 0.6.63 had a vulnerability in the LoopVideoBlock component, allowing unlimited looping of video files. This led to the potential exhaustion of disk space, resulting in a DoS attack.

CVE-2026-46580
High

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded, which could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content.

CVE-2026-44691
High

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges.

CVE-2026-44688
High

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names, leading to the execution of attacker-controlled instructions.

CVE-2025-52465
High

In GeoServer, prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator to pass arbitrary file names to the Master Password Dump web page, potentially creating files containing the master password in plaintext.

CVE-2025-27511
High

GeoServer is an open source software that allows users to share and edit geospatial data. In versions prior to 2.27.0 of the DB2 DataStore extension, an administrator could perform a JNDI attack via a specially crafted DB2 jdbc URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes this issue.

CVE-2026-8461
High

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c.

PreviousPage 85 of 3311Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS