CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58426
Critical

The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.

CVE-2026-58289
Critical

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-22874
Critical

CVE-2026-22874 affects Gitea versions up to and including 1.26.2. The SSRF protection in webhook and migration allow-list filtering is incomplete, potentially allowing an attacker to bypass security controls.

CVE-2026-20896
Critical · EPSS 52%

Gitea Docker image versions up to and including 1.26.2 set REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
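As an added illustration (not Gitea's own code), the following Python models the decision a reverse-proxy authentication layer has to make: honour the identity header only when the TCP peer is a configured trusted proxy. The function names, the setting parser and the sample addresses are assumptions for the demo; the behaviour shown is why a wildcard trust list turns a header anyone can send into a login.

```python
import ipaddress

def parse_trusted_proxies(setting):
    """Parse a comma-separated list of IPs/CIDRs; '*' (the flawed default) trusts every address."""
    networks = []
    for item in (p.strip() for p in setting.split(",")):
        if not item:
            continue
        if item == "*":
            networks.append(ipaddress.ip_network("0.0.0.0/0"))
            networks.append(ipaddress.ip_network("::/0"))
        else:
            networks.append(ipaddress.ip_network(item, strict=False))
    return networks

def is_trusted_proxy(remote_addr, networks):
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in networks)

def resolve_user(remote_addr, headers, trusted_setting,
                 reverse_proxy_auth=True, header_name="X-WEBAUTH-USER"):
    """Return the username the application would accept from the proxy header, or None.
    remote_addr is the real TCP peer (not a forwarded address); headers is the raw request header map."""
    if not reverse_proxy_auth:
        return None
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get(header_name.lower())
    if not user:
        return None
    # The header is only meaningful if it was set by a proxy we control; from any other peer it is attacker input.
    if not is_trusted_proxy(remote_addr, parse_trusted_proxies(trusted_setting)):
        return None
    return user

if __name__ == "__main__":
    # Constructed request: an internet client sends the header directly, bypassing the proxy.
    hdrs = {"X-WEBAUTH-USER": "admin"}
    print("trusted=*           ->", resolve_user("203.0.113.7", hdrs, "*"))
    print("trusted=loopback    ->", resolve_user("203.0.113.7", hdrs, "127.0.0.0/8,::1/128"))
    print("from the proxy host ->", resolve_user("127.0.0.1", hdrs, "127.0.0.0/8,::1/128"))
```

The fix on a real deployment is the same as in the hardened branch above: replace the wildcard with the proxy's actual address or network, and make sure the proxy strips any client-supplied copy of the header before adding its own.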

CVE-2026-4321
Critical

An SQL injection vulnerability in Destekz by Raera - Ankara Web Design and Digital Advertising Agency allows an attacker to inject malicious SQL code. The issue affects all versions up to 02062026. The vendor confirmed the product is no longer supported.

CVE-2026-14544
Critical

A flaw was found in HPLIP (HP Linux Imaging and Printing Software) as an incomplete fix for CVE-2026-8631. This vulnerability may allow a remote attacker to escalate privileges or achieve arbitrary code execution through an integer overflow in the hpcups processing path when handling specially crafted print data.

CVE-2026-9725
Critical

The Printcart Web to Print Product Designer for WooCommerce plugin up to version 2.5.2 is vulnerable to arbitrary file deletion. This is due to insufficient path validation in the store_design_data() function, which constructs a filesystem path from the user-supplied 'nbd_item_key' POST parameter, sanitized only with sanitize_text_field() (a function that does not strip path traversal sequences), and then passes it to Nbdesigner_IO::delete_folder() and PHP's rename().

CVE-2026-13768
Critical

Gardyn devices expose a privileged iothubowner key. Access to this key allows an attacker to invoke an IoTHub Registry Manager function that returns connection information for all Gardyn Home Kit and Studio devices. It also enables arbitrary command execution on a specific connected device and may allow pivoting to other devices on the user's network.

CVE-2026-13368
Critical

A race condition leading to a use-after-free exists in LDAP authentication for Mobile User VPN with IKEv2 in WatchGuard Fireware OS. A remote unauthenticated attacker could exploit this to execute arbitrary code in the context of the iked process on Fireboxes with external LDAP configured.

CVE-2026-57100
Critical

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

CVE-2026-45499
Critical

A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.

CVE-2026-41106
Critical

A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-52830
Critical

A vulnerability in fast-mcp-telegram before version 0.19.1 allows a remote HTTP client to bypass authentication by manipulating the session file path. The Bearer token validation does not reject path separators or normalize the path before checking if the session file exists, enabling a token like '../fast-mcp-telegram/telegram' to authenticate as the default legacy session.
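Both the Printcart entry above (a user-supplied key fed to a folder delete) and this fast-mcp-telegram entry (a bearer token fed to a session-file lookup) fail the same way: user input becomes a path component without a containment check. The Python below is an added example, not code from either project; the directory layout, the `.session` suffix and the function names are constructed for the demo. It shows the vulnerable lookup beside one containment helper that guards both a read and a recursive delete.

```python
import os
import shutil
import tempfile

def unsafe_session_path(sessions_dir, token):
    """Flawed shape: the token is joined into the path unchanged and only existence is checked."""
    path = os.path.join(sessions_dir, token + ".session")
    return path if os.path.isfile(path) else None

def safe_child_path(base_dir, user_part, suffix=""):
    """Reject separators and reserved names, then verify the resolved path is still under base_dir."""
    if not user_part or user_part in (".", ".."):
        raise ValueError("empty or reserved name")
    if any(ch in user_part for ch in "/\\\x00"):
        raise ValueError("path separator or NUL in user input")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_part + suffix))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate

def safe_session_path(sessions_dir, token):
    try:
        path = safe_child_path(sessions_dir, token, ".session")
    except ValueError:
        return None
    return path if os.path.isfile(path) else None

def safe_delete_dir(base_dir, item_key):
    """The same containment check in front of a recursive delete (the Printcart shape)."""
    target = safe_child_path(base_dir, item_key)
    if os.path.isdir(target):
        shutil.rmtree(target)
        return True
    return False

def demo():
    # Constructed layout: per-token sessions in one directory, the legacy default session one level up.
    root = tempfile.mkdtemp()
    legacy_dir = os.path.join(root, "fast-mcp-telegram")
    sessions_dir = os.path.join(root, "sessions")
    designs_dir = os.path.join(root, "designs")
    for d in (legacy_dir, sessions_dir, designs_dir):
        os.makedirs(d)
    open(os.path.join(legacy_dir, "telegram.session"), "w").close()   # the default legacy session
    open(os.path.join(sessions_dir, "a1b2c3.session"), "w").close()   # a genuine per-token session
    os.makedirs(os.path.join(designs_dir, "item42"))
    traversal = "../fast-mcp-telegram/telegram"
    results = {
        "unsafe_traversal_authenticates": unsafe_session_path(sessions_dir, traversal) is not None,
        "safe_traversal_authenticates": safe_session_path(sessions_dir, traversal) is not None,
        "safe_legit_authenticates": safe_session_path(sessions_dir, "a1b2c3") is not None,
        "legit_delete": safe_delete_dir(designs_dir, "item42"),
    }
    try:
        safe_delete_dir(designs_dir, "../sessions")
        results["traversal_delete_rejected"] = False
    except ValueError:
        results["traversal_delete_rejected"] = True
    shutil.rmtree(root)
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Rejecting separators up front and then comparing `realpath` results catches both `..` sequences and symlinks that point outside the base directory; a check on the raw string alone would miss the latter. Existence checks such as `isfile` are never an authentication decision on their own.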

CVE-2026-59099
Critical

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.
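The attack described in this entry is the generic consequence of reusing a nonce with any counter-mode cipher, AES-GCM included: the keystream depends only on (key, IV), so two ciphertexts XOR to the XOR of their plaintexts, and one known plaintext reveals the other. The Python below is an added demonstration, not CAS code. It uses HMAC-SHA256 as a stand-in block function so it runs without a crypto library; the webflow-state JSON strings and the key are constructed for the demo. The point carries over unchanged to AES-GCM with a fixed all-zero IV.

```python
import hashlib
import hmac
import os

def keystream(key, iv, length):
    """CTR-style keystream: block_i = PRF(key, iv || counter). HMAC-SHA256 stands in for AES;
    the property that matters (the keystream depends only on key and IV) is identical."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, iv, plaintext):
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))

def recover_with_known_plaintext(c_known, p_known, c_target):
    """If both ciphertexts share (key, IV): c_known XOR c_target = p_known XOR p_target,
    so p_target = c_known XOR p_known XOR c_target for the overlapping length."""
    n = min(len(c_known), len(c_target))
    return xor_bytes(xor_bytes(c_known[:n], p_known[:n]), c_target[:n])

# Constructed demo key and two constructed conversation-state blobs. The attacker obtains the first
# plaintext by driving the unauthenticated login page themselves; the second belongs to another user.
KEY = hashlib.sha256(b"constructed demo key, not a real CAS key").digest()
P_KNOWN = b'{"flowId":"login","execution":"e1s1","ticket":null}'
P_TARGET = b'{"flowId":"login","execution":"e2s1","ticket":"ST-1"}'

def fixed_zero_iv():
    return bytes(12)          # the flawed pattern: same IV for every token over the server lifetime

def fresh_iv():
    return os.urandom(12)     # the fix: a new random (or strictly counter-based) IV per encryption

def attack_succeeds(iv_source):
    """Encrypt both states with IVs drawn from iv_source and check whether the target is recovered."""
    c_known = encrypt(KEY, iv_source(), P_KNOWN)
    c_target = encrypt(KEY, iv_source(), P_TARGET)
    recovered = recover_with_known_plaintext(c_known, P_KNOWN, c_target)
    return recovered == P_TARGET[:len(recovered)]

if __name__ == "__main__":
    print("fixed zero IV, plaintext recovered:", attack_succeeds(fixed_zero_iv))
    print("fresh IV per message, recovered:   ", attack_succeeds(fresh_iv))
```

With real AES-GCM the damage is worse than confidentiality alone: nonce reuse also exposes the GHASH authentication key, so an attacker who has observed two tokens under the same IV can forge tags as well as decrypt. The only fix is a unique IV per encryption under a given key.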

CVE-2026-58466
Critical

AutoBangumi before version 3.2.8 contains hard-coded default credentials that allow unauthenticated attackers to authenticate as the administrator using publicly known default credentials. These credentials are seeded at startup via add_default_user() in the database user module when the users table is empty.

CVE-2026-44935
Critical

Missing validation of 'valuesFrom' references in Helm Deployer of SUSE Rancher Fleet allows owners of one tenant to access fleet credentials of other tenants. The vulnerability affects versions 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15.

CVE-2024-14037
Critical

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed image/jpeg Content-Type to bypass the absence of extension and MIME type validation, with the uploaded file stored at a predictable path under the uploadfile directory and executed directly by the web server.

CVE-2022-50973
Critical · EPSS 54%

An unauthenticated arbitrary file upload vulnerability in Yonyou KSOA 9.0 allows remote code execution via a crafted POST request to the ImageUpload servlet. Attackers can upload a JSP webshell without any authentication or validation.
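The two upload entries above (Redsea Cloud eHR and Yonyou KSOA) share the pattern of a servlet that trusts the client's Content-Type, keeps the client's file name and writes to a predictable, web-served directory. As an added example that belongs to neither product, the Python below places that flawed check beside a validator that ignores Content-Type entirely, requires an allowlisted extension, confirms the file's magic bytes and assigns a random stored name. The extension and magic tables, function names and sample payload are constructed for the demo.

```python
import os
import secrets

# Allowlisted extensions and the leading bytes a genuine file of that type must carry.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def vulnerable_store_path(filename, content_type, data):
    """Flawed shape: a spoofable Content-Type is the only check, and the client's
    own name lands directly under a web-served directory."""
    if not content_type.startswith("image/"):
        return None
    return "uploadfile/" + filename.replace("\\", "/").split("/")[-1]

def validate_upload(filename, content_type, data):
    """Return a new random stored name, or raise ValueError. content_type is deliberately
    ignored: the client controls it, so it carries no security information."""
    name = os.path.basename(filename.replace("\\", "/"))
    if "." not in name:
        raise ValueError("no extension")
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in MAGIC:
        raise ValueError("extension not in allowlist: " + ext)
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise ValueError("content does not look like ." + ext)
    return secrets.token_hex(16) + "." + ext

def is_accepted(filename, content_type, data):
    try:
        validate_upload(filename, content_type, data)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed samples: a server-side script with a spoofed image type, and a minimal JPEG header.
    script = b"<% out.println(7 * 7); %>"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print("vulnerable:", vulnerable_store_path("shell.jsp", "image/jpeg", script))
    print("hardened:  ", is_accepted("shell.jsp", "image/jpeg", script))
    print("real jpeg: ", validate_upload("photo.jpg", "application/octet-stream", jpeg))
```

Magic-byte checks on their own are bypassable with polyglot files, so the properties that actually stop a webshell here are the extension allowlist (no server-executable type can ever be written) and the random name in a directory the application server does not treat as executable content.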

CVE-2026-58455
Critical

Dockwatch through version 0.6.567 contains an unauthenticated OS command injection vulnerability. A missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php allows remote attackers to execute arbitrary shell commands.
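The Dockwatch entry chains two classic bugs: a redirect that does not stop execution, and user input concatenated into a shell command. The Python below is an added example, not Dockwatch's PHP; it models both handlers as functions that return the actions they would take (a recorded command rather than a live `shell_exec`), so the chain can be shown without running anything. The `docker compose -p` command, the parameter name and the name regex (Docker's container-name character set, used here as an allowlist) are assumptions for the demo.

```python
import re

# Docker container/project names: alphanumeric start, then [A-Za-z0-9_.-]. Used as a strict allowlist.
DOCKER_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$")

def vulnerable_handler(session, params):
    """Mirrors the reported shape: header('Location: ...') without exit(), then shell_exec()."""
    actions = []
    if not session.get("authenticated"):
        actions.append(("redirect", "/login"))
        # Bug 1: execution falls through; the redirect header is queued but the privileged code still runs.
    project = params.get("project", "")
    # Bug 2: the value is pasted into a shell string, so ';', '|', '$(...)' etc. become commands.
    actions.append(("shell_exec", "docker compose -p " + project + " up -d"))
    return actions

def hardened_handler(session, params):
    if not session.get("authenticated"):
        return [("redirect", "/login")]          # stop here; nothing below runs for anonymous callers
    project = params.get("project", "")
    if not DOCKER_NAME.match(project):
        return [("error", "invalid project name")]
    # argv list: the value is a single argument to docker, never interpreted by a shell.
    return [("exec_argv", ["docker", "compose", "-p", project, "up", "-d"])]

def reaches_shell_with_payload(actions):
    """True if any recorded shell command contains the injected second command."""
    return any(kind == "shell_exec" and "; id" in cmd for kind, cmd in actions)

if __name__ == "__main__":
    anon = {}
    payload = {"project": "app; id"}           # constructed injection: a second command after ';'
    print("vulnerable, unauthenticated:", vulnerable_handler(anon, payload))
    print("hardened, unauthenticated:  ", hardened_handler(anon, payload))
    print("hardened, authenticated:    ", hardened_handler({"authenticated": True}, {"project": "app"}))
```

In PHP the first fix is a literal `exit;` after the `header('Location: ...')` call; the second is `escapeshellarg()` at minimum, or better, a command built from an allowlisted value rather than arbitrary text. Both are needed: the argv form alone would still let an anonymous caller restart any project.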

CVE-2026-56004
Critical

A shellcode injection vulnerability in the Mercurial handler of the obs tar_scm source service before version 0.12.4 allows attackers with a malicious _service file to execute code as the source service or the local user.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS