CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12565
Medium

The unarchive internal module does not perform validation on file paths during archive extraction, relying on external tools, which may lead to unauthorized system access. Specifically, on systems with GNU tar < 1.34, a malicious archive can write files outside the intended extraction directory.

CVE-2024-27928
Medium

In versions prior to 5.0.0 of the vantage6 software, an attacker who gains access to a user's email account can reset the password and the 2FA token via email, reducing security to a single authentication factor (email access). Version 5.0.0 fixes this issue.

CVE-2026-8049
Medium

W SignalRGB w wersjach starszych niż 1.3.7.0 obiekt urządzenia \.\SignalIo został utworzony bez jawnego deskryptora zabezpieczeń SDDL oraz bez flagi FILE_DEVICE_SECURE_OPEN. Powoduje to nadmiernie liberalną domyślną kontrolę dostępu, umożliwiając każdemu uwierzytelnionemu użytkownikowi lokalnemu uzyskanie uchwytu do urządzenia i wysyłanie uprzywilejowanych żądań IOCTL.

CVE-2026-54386
Medium

Marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript.

CVE-2026-48991
Medium

XianYuLauncher is a Minecraft Java Edition launcher, in versions prior to 1.5.5, there was a risk of exposing sensitive authentication artifacts during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or state validation.

CVE-2026-48990
Medium

The joserfc library in versions 1.3.4 through 1.6.5 accepts oversized JWS payloads without proper length checks, potentially leading to resource exhaustion. This issue has been fixed in version 1.6.7.

CVE-2026-48820
Medium

In CakePHP, versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, the View::_getElementFileName() function does not check if the resolved element path is within the allowed application/plugin view template paths. This weakness can be exploited to include other PHP files on the server using specifically crafted user-supplied data.

CVE-2026-49133
Medium

Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument.

CVE-2026-48988
Medium

markdown-it is a Markdown parser that contains a denial-of-service vulnerability in versions 14.1.1 and below when typographer: true is enabled. The issue arises from quadratic processing in the smartquotes rule, leading to excessive CPU consumption when parsing quote-heavy markdown.

CVE-2026-48821
Medium

Shaarli is a personal bookmarking service that versions 0.16.1 and prior contain a Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. The issue arises from malicious bookmark titles being returned via an AJAX response and inserted into the DOM without proper sanitization.

CVE-2026-55201
Medium

Evil-WinRM up to version 3.9 contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory. Attackers can exploit this vulnerability to overwrite sensitive client-side files, leading to persistent access or privilege escalation.

CVE-2026-55199
Medium

A vulnerability in libssh2 (up to version 1.1.1.1) allows a pre-authentication denial of service attack. A malicious SSH server can send a crafted extension count value (nr_extensions=0xFFFFFFFF) during key exchange, causing a client CPU exhaustion loop for over 60 seconds due to unchecked return values from _libssh2_get_string() and session timeout not applying to CPU-bound loops.

CVE-2026-48823
Medium

Shaarli, a personal bookmarking service, contains a stored XSS vulnerability in the tag filtering functionality in versions 0.16.1 and prior. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark, leading to the storage of a malicious payload in the database.

CVE-2026-48822
Medium

Shaarli is a personal bookmarking service that versions 0.16.1 and prior contain a Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link.

CVE-2026-48817
Medium

A vulnerability in Starlette versions 1.0.1 and below allows an attacker to invoke internal methods not intended for HTTP request handling by using non-standard HTTP verbs. The issue stems from the lack of restriction on allowed HTTP methods when registering an endpoint via Route(...) without explicitly setting the methods= parameter.

CVE-2026-32682
Medium

A vulnerability in NGINX Gateway Fabric allows an authenticated remote attacker with permission to create or modify GRPCRoute resources to cause the control plane to terminate by sending specially crafted GRPCRoute configurations containing backendRef filters.

CVE-2026-10741
Medium

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

CVE-2026-55198
Medium

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data.

CVE-2026-55197
Medium

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles.

CVE-2026-53870
Medium

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions, exposing conversation history and HMAC secrets to local users.

PreviousPage 93 of 540Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS