CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Punto Switcher through version 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code. They exploit the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll.
In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user.
AutoGPT, a workflow automation platform, has an XSS vulnerability in versions prior to 0.6.62 on the signup page. The application improperly trusts a URL parameter (`next`), allowing an attacker to execute malicious JavaScript in the victim's browser.
HAProxy through version 3.4.0 contains a null pointer dereference vulnerability in the hpack_dht_insert() function in src/hpack-tbl.c. The flaw is due to missing validation of the return value from hpack_dht_defrag() when the memory pool is exhausted, which can crash HAProxy worker processes.
HAProxy through version 3.4.0 contains an integer overflow vulnerability in the fcgi_conn structure's drl field. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect FCGI frame processing. Malicious FastCGI backends can exploit this to desynchronize the frame parser, leading to request routing errors, response smuggling, or memory safety issues.
The EPDS and EDS systems do not verify client-provided values for the 'epds_role_id' parameter, allowing a remote, authenticated attacker to escalate their own privileges.
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.
CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients may cause the unacknowledged message queue to grow indefinitely, leading to an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue.
AutoGPT prior to version 0.6.63 has an issue with disk space management as `MediaDurationBlock` downloads and stores video in a temporary directory without deleting it after processing. `StepThroughItemsBlock` allows for multiple iterations of `MediaDurationBlock`, which can lead to disk space exhaustion.
AutoGPT prior to version 0.6.63 has an issue with disk space management as it does not delete video and audio files from the temporary directory. Additionally, the `StepThroughItemsBlock` does not limit the number of iterations, which can lead to disk space exhaustion.
AutoGPT is a workflow automation platform that prior to version 0.6.63 had an issue with the ScreenshotWebPageBlock storing screenshots in a temporary directory. The StepThroughItemsBlock did not limit the number of iterations, which could lead to disk space exhaustion and a DoS attack.
In AutoGPT prior to version 0.6.63, the `StepThroughItemsBlock` allowed iterating through all list items and downloading them via `FileStoreBlock`, which could lead to disk space exhaustion.
AutoGPT is a workflow automation platform that prior to version 0.6.63 had a vulnerability in the LoopVideoBlock component, allowing unlimited looping of video files. This led to the potential exhaustion of disk space, resulting in a DoS attack.
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded, which could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content.
In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges.
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names, leading to the execution of attacker-controlled instructions.
In GeoServer, prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator to pass arbitrary file names to the Master Password Dump web page, potentially creating files containing the master password in plaintext.
GeoServer is an open source software that allows users to share and edit geospatial data. In versions prior to 2.27.0 of the DB2 DataStore extension, an administrator could perform a JNDI attack via a specially crafted DB2 jdbc URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes this issue.
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c.

