CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53871
High

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.

CVE-2026-53869
High

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on specified endpoints, enabling attackers to exploit this vulnerability.

CVE-2026-48818
High

A vulnerability in Starlette 1.0.1 and earlier on Windows allows SSRF via UNC path. When the server validates the path, it sends an SMB request to the attacker, leaking NTLMv2 credentials. The issue affects default follow_symlink=False deployments, including frameworks like FastAPI.

CVE-2026-9697
High

A vulnerability in the undici library causes ProxyAgent to silently drop the requestTls option when configured with a SOCKS5 proxy URI. HTTPS connections through the SOCKS5 tunnel fall back to Node's default trust store, ignoring user-configured TLS settings.

CVE-2026-6734
High

In the undici library, a vulnerability exists where Socks5ProxyAgent reuses a single connection pool across different origins without verifying that the pool matches the requested origin. This causes cross-origin request routing, potentially leading to credential leakage and silent downgrade of HTTPS to HTTP.

CVE-2026-47774
High

A vulnerability in Envoy allows an unauthenticated remote client to trigger excessive memory consumption via HTTP/2 downstream request processing. The issue stems from incomplete accounting of cookie header bytes during size validation and missing limits on total decoded header size in HPACK. This can lead to OOM termination of the Envoy process and denial of service.

CVE-2026-9675
High

The undici WebSocket client in version 8.1.0 does not enforce the cumulative size of fragmented uncompressed messages, leading to unbounded memory growth. A malicious WebSocket server can stream many small fragments that pass validation but collectively exceed the configured limit, resulting in memory exhaustion and denial of service.

CVE-2026-53875
High

Picklescan before version 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function. By using dynamic eval and the __reduce__ trick, attackers can embed malicious magic numbers in PyTorch payloads that evade picklescan detection.

CVE-2026-53872
High

Picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen.

CVE-2026-32652
High

Dell AIOps Collector versions prior to 1.18.3 contain a 'Use of Default Credentials' vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access.

CVE-2026-20190
High

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This issue is due to improper authorization checks when accessing resources.

CVE-2026-12151
High

The undici WebSocket client does not limit the number of message fragments, allowing a malicious server to send many small continuation frames. This causes unbounded memory growth and denial of service (DoS).

CVE-2025-71322
High

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.

CVE-2025-26240
High

In version 1.0.0 of the python-pdfkit library by JazzCore, the from_string method allows the execution of JavaScript code within the context of the server application and the exfiltration of local files.

CVE-2026-54810
High

Nexi Payments Nexi XPay has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

CVE-2026-54415
High

Missing authorization in the server management routes in Azuriom CMS before version 1.2.11 allows an authenticated attacker with admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses.

CVE-2026-49502
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

CVE-2026-42530
HighEPSS 87%

NGINX Open Source has a vulnerability in the ngx_http_v3_module. When configured with the HTTP/3 QUIC module, a remote unauthenticated attacker, under specific conditions, can use a crafted HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and a restart. On systems with ASLR disabled or bypassed, code execution is possible.

CVE-2026-42055
HighEPSS 85%

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. It occurs when proxy_http_version 2 or grpc_pass directives are used for HTTP/2 proxying, ignore_invalid_headers is set to off, and large_client_header_buffers size exceeds 2 MB. A remote unauthenticated attacker can send large headers causing a heap-based buffer overflow in the NGINX worker process, leading to a restart or potential code execution.

CVE-2026-35066
High

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

PreviousPage 88 of 3315Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS