CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-50196
High

In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, the `DataCenterInfo.FromJson` method throws an `ArgumentException` for any `name` value other than 'MyOwn' or 'Amazon', leading to issues with service registry deserialization.

CVE-2026-50194
High

Steeltoe is an open source project that provides libraries for building cloud-native applications. In versions 3.2.2 through 3.3.0 and 4.1.0, when management endpoints are configured to listen on an alternate port, the middleware uses the `Host` HTTP header instead of the actual network socket port, leading to potential security vulnerabilities.

CVE-2026-48997
HighEPSS 50%

e107 is a content management system (CMS), versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In the resize_image() function, the source path is properly escaped, but the destination path is inserted inside raw double quotes, allowing an attacker to inject malicious code.

CVE-2026-48989
High

In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.

CVE-2026-12530
High

The install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 has improper neutralization of argument delimiters, which may allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments.

CVE-2026-48979
High

The PHP Standard Library (PSL) has a vulnerability in versions 6.1.0, 6.1.1, and 6.2.0 related to the lack of validation of the total bytes received in DATA frames against the content-length header in HEADERS frames, allowing request smuggling. A malicious client can send more or fewer DATA bytes than declared, leading to incorrect application behavior.

CVE-2026-55202
High

Tinyproxy through 1.11.3 fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation.

CVE-2026-55200
High

libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

CVE-2026-50107
High

In NGINX Plus or NGINX Open Source configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component. User-supplied string values from the NginxProxy Custom Resource Definition access log format setting are rendered without sanitization, allowing for the injection of arbitrary NGINX configuration directives.

CVE-2026-12529
High

A vulnerability has been detected in the SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. It affects an unknown function of the file /index.php of the Student Self-Registration Endpoint, leading to improper access controls.

CVE-2026-11407
High

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects. This vulnerability arises from improper implementations of checkMethodAllowed() and checkPropertyAllowed() in the custom Twig SecurityPolicy.

CVE-2026-10696
High

The use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to correlate an installed application with an unrelated, attacker-controlled catalog package.

CVE-2026-53871
High

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.

CVE-2026-53869
High

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on specified endpoints, enabling attackers to exploit this vulnerability.

CVE-2026-48818
High

A vulnerability in Starlette 1.0.1 and earlier on Windows allows SSRF via UNC path. When the server validates the path, it sends an SMB request to the attacker, leaking NTLMv2 credentials. The issue affects default follow_symlink=False deployments, including frameworks like FastAPI.

CVE-2026-9697
High

A vulnerability in the undici library causes ProxyAgent to silently drop the requestTls option when configured with a SOCKS5 proxy URI. HTTPS connections through the SOCKS5 tunnel fall back to Node's default trust store, ignoring user-configured TLS settings.

CVE-2026-6734
High

In the undici library, a vulnerability exists where Socks5ProxyAgent reuses a single connection pool across different origins without verifying that the pool matches the requested origin. This causes cross-origin request routing, potentially leading to credential leakage and silent downgrade of HTTPS to HTTP.

CVE-2026-47774
High

A vulnerability in Envoy allows an unauthenticated remote client to trigger excessive memory consumption via HTTP/2 downstream request processing. The issue stems from incomplete accounting of cookie header bytes during size validation and missing limits on total decoded header size in HPACK. This can lead to OOM termination of the Envoy process and denial of service.

CVE-2026-30802
High

An out-of-bounds read vulnerability in RTI Connext Micro (Core Libraries) allows overreading buffers. This issue affects Connext Micro versions from 4.0.0 before 4.3.0 and from 2.4.5 before 2.4.*.

CVE-2026-30799
High

Missing authentication for a critical function in RTI Connext Professional (Security Plugins) allows identity spoofing. The vulnerability affects versions from 5.3.0 to 7.4.0 before respective patches.

PreviousPage 91 of 3339Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS