CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, this could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks.
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. This may lead to ineffective protections against replay of UsernameToken nonces and Timestamp elements.
Dulwich, a pure-Python implementation of Git file formats and protocols, had a vulnerability that allowed patch filenames to be derived from commit subject lines. Versions from 0.24.0 to prior to 1.2.5 did not properly sanitize these names, potentially leading to files being saved outside the specified directory.
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack.
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.
In the bit7z library prior to version 4.0.12, there was a one-byte off-by-one error in the SafeOutPathBuilder::restoreSymlink() function that allowed an attacker to craft a .7z archive. When extracted on non-Windows platforms, this created a symlink that could escape the intended output directory.
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software allows a malicious authenticated administrator to store a JavaScript payload using the web interface.
A person with access to a Mac may be able to bypass the Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
Fission is a serverless framework that operates on Kubernetes and had a vulnerability in path validation prior to version 1.25.0. The SanitizeFilePath function did not properly check directory boundaries, allowing access to unsafe directories.
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
Ghidra before version 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
CVE-2026-11859 describes an HTML injection vulnerability in the 'fetch links' emails sent by Thinkst Applied Research Canarytokens, allowing for Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails.
The Store Locator WordPress plugin before version 1.6.6 does not sanitize and escape one of its settings before storing and outputting it on the admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks.
A vulnerability has been found in some Dahua products that allows an attacker to obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients.
Vulnerability CVE-2025-59382 has been fixed in a specific software version. QTS, QuTS hero, and QuTScloud are not affected.
Frappe Learning Management System (LMS) prior to version 2.53.0 allowed authenticated users to supply specially crafted content in editable fields, which could lead to visitors' browsers being redirected to an attacker-chosen URL.
Spring Security SAML decrypts SAML Responses and elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, allowing attackers to use the Service Provider as a decryption oracle.
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized write access.

