CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The vulnerability in Gitea Actions Artifacts V4 stems from HMAC ambiguity in signed URLs, allowing cross-repository artifact read and cross-task upload-state write.
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network.
CVE-2026-22874 affects Gitea versions up to and including 1.26.2. The SSRF protection in webhook and migration allow-list filtering is incomplete, potentially allowing an attacker to bypass security controls.
Gitea Docker image versions up to and including 1.26.2 set REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
An SQL injection vulnerability in Destekz by Raera - Ankara Web Design and Digital Advertising Agency allows an attacker to inject malicious SQL code. The issue affects all versions up to 02062026. The vendor confirmed the product is no longer supported.
A flaw was found in HPLIP (HP Linux Imaging and Printing Software) as an incomplete fix for CVE-2026-8631. This vulnerability may allow a remote attacker to escalate privileges or achieve arbitrary code execution through an integer overflow in the hpcups processing path when handling specially crafted print data.
The Printcart Web to Print Product Designer for WooCommerce plugin up to version 2.5.2 is vulnerable to arbitrary file deletion. This is due to insufficient path validation in the store_design_data() function, which constructs a filesystem path from the user-supplied 'nbd_item_key' POST parameter sanitized only with sanitize_text_field(), which does not strip path traversal sequences, and then passes it to Nbdesigner_IO::delete_folder() and PHP's rename().
Gardyn devices expose a privileged iothubowner key. Access to this key allows an attacker to invoke an IoTHub Registry Manager function that returns connection information for all Gardyn Home Kit and Studio devices. It also enables arbitrary command execution on a specific connected device and may allow pivoting to other devices on the user's network.
A race condition leading to a use-after-free vulnerability exists in LDAP authentication for Mobile User VPN with IKEv2 in WatchGuard Fireware OS. A remote unauthenticated attacker could exploit this to execute arbitrary code in the context of the iked process on Fireboxes with external LDAP configured.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.
A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
A vulnerability in fast-mcp-telegram before version 0.19.1 allows a remote HTTP client to bypass authentication by manipulating the session file path. The Bearer token validation does not reject path separators or normalize the path before checking if the session file exists, enabling a token like '../fast-mcp-telegram/telegram' to authenticate as the default legacy session.
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.
AutoBangumi before version 3.2.8 contains hard-coded default credentials that allow unauthenticated attackers to authenticate as the administrator using publicly known default credentials. These credentials are seeded at startup via add_default_user() in the database user module when the users table is empty.
Missing validation of 'valuesFrom' references in Helm Deployer of SUSE Rancher Fleet allows owners of one tenant to access fleet credentials of other tenants. The vulnerability affects versions 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15.
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request containing a JSP webshell with a spoofed image/jpeg Content-Type; because the endpoint performs no extension or MIME type validation, the uploaded file is stored at a predictable path under the uploadfile directory and executed directly by the web server.
An unauthenticated arbitrary file upload vulnerability in Yonyou KSOA 9.0 allows remote code execution via a crafted POST request to the ImageUpload servlet. Attackers can upload a JSP webshell without any authentication or validation.
Dockwatch through version 0.6.567 contains an unauthenticated OS command injection vulnerability. A missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php allows remote attackers to execute arbitrary shell commands.
A shellcode injection vulnerability in the Mercurial handler of the obs tar_scm source service before version 0.12.4 allows attackers with a malicious _service file to execute code as the source service or the local user.