CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, the `DataCenterInfo.FromJson` method throws an `ArgumentException` for any `name` value other than 'MyOwn' or 'Amazon', leading to issues with service registry deserialization.
Steeltoe is an open source project that provides libraries for building cloud-native applications. In versions 3.2.2 through 3.3.0 and 4.1.0, when management endpoints are configured to listen on an alternate port, the middleware uses the `Host` HTTP header instead of the actual network socket port, leading to potential security vulnerabilities.
e107 is a content management system (CMS), versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In the resize_image() function, the source path is properly escaped, but the destination path is inserted inside raw double quotes, allowing an attacker to inject malicious code.
In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.
The install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 has improper neutralization of argument delimiters, which may allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments.
The PHP Standard Library (PSL) has a vulnerability in versions 6.1.0, 6.1.1, and 6.2.0 related to the lack of validation of the total bytes received in DATA frames against the content-length header in HEADERS frames, allowing request smuggling. A malicious client can send more or fewer DATA bytes than declared, leading to incorrect application behavior.
Tinyproxy through 1.11.3 fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation.
libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
In NGINX Plus or NGINX Open Source configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component. User-supplied string values from the NginxProxy Custom Resource Definition access log format setting are rendered without sanitization, allowing for the injection of arbitrary NGINX configuration directives.
A vulnerability has been detected in the SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. It affects an unknown function of the file /index.php of the Student Self-Registration Endpoint, leading to improper access controls.
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects. This vulnerability arises from improper implementations of checkMethodAllowed() and checkPropertyAllowed() in the custom Twig SecurityPolicy.
The use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to correlate an installed application with an unrelated, attacker-controlled catalog package.
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on specified endpoints, enabling attackers to exploit this vulnerability.
A vulnerability in Starlette 1.0.1 and earlier on Windows allows SSRF via UNC path. When the server validates the path, it sends an SMB request to the attacker, leaking NTLMv2 credentials. The issue affects default follow_symlink=False deployments, including frameworks like FastAPI.
A vulnerability in the undici library causes ProxyAgent to silently drop the requestTls option when configured with a SOCKS5 proxy URI. HTTPS connections through the SOCKS5 tunnel fall back to Node's default trust store, ignoring user-configured TLS settings.
In the undici library, a vulnerability exists where Socks5ProxyAgent reuses a single connection pool across different origins without verifying that the pool matches the requested origin. This causes cross-origin request routing, potentially leading to credential leakage and silent downgrade of HTTPS to HTTP.
A vulnerability in Envoy allows an unauthenticated remote client to trigger excessive memory consumption via HTTP/2 downstream request processing. The issue stems from incomplete accounting of cookie header bytes during size validation and missing limits on total decoded header size in HPACK. This can lead to OOM termination of the Envoy process and denial of service.
An out-of-bounds read vulnerability in RTI Connext Micro (Core Libraries) allows overreading buffers. This issue affects Connext Micro versions from 4.0.0 before 4.3.0 and from 2.4.5 before 2.4.*.
Missing authentication for a critical function in RTI Connext Professional (Security Plugins) allows identity spoofing. The vulnerability affects versions from 5.3.0 to 7.4.0 before respective patches.

