CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-60175
Medium

PopAd versions up to 1.0.4 contain a Server Side Request Forgery (SSRF) vulnerability that can be exploited by an attacker to send unauthorized requests from the server.

CVE-2026-52721
Medium

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing.

CVE-2026-50892
Medium

In Nginx Proxy Manager v2.14.0, incorrect access control in the 'Let's Encrypt' certificate download endpoint allows authenticated attackers to obtain TLS private key material via a crafted GET request.

CVE-2026-50876
Medium

A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2026-49953
Medium

Discuz! X5.0 versions from 20260320 to 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images.

CVE-2026-39197
Medium

Version v0.54.0 of Datadog, Inc Vector has an issue in the /util/http/prelude.rs endpoint that allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.

CVE-2026-37216
Medium

Ruoyi version 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.

CVE-2026-36933
Medium

An issue in Boyleep K11 with y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.

CVE-2026-36521
Medium

PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.

CVE-2026-11931
Medium

Kiro IDE on macOS and Linux before version 0.11.133 has incorrect default permissions that could expose the authentication token cache file to other local users or processes. The file permissions are set to 0644 instead of 0600.

CVE-2025-70102
Medium

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd version 10.3.0 while parsing configuration options. This error occurs in the parse_option() function when an unexpected or invalid option token causes the lookup to yield NULL.

CVE-2025-55663
Medium

A segmentation violation in the Track_SetStreamDescriptor function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55661
Medium

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

CVE-2025-55660
Medium

A stack overflow in the gf_opus_read_length function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55652
Medium

A heap buffer overflow in the gf_isom_vp_config_new function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55650
Medium

A heap use-after-free vulnerability in the gf_node_get_tag function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55649
Medium

A NULL pointer dereference in the gf_media_map_esd function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55648
Medium

A heap buffer overflow in the gf_opus_parse_packet_header function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55647
Medium

The mp4_mux_cenc_insert_pssh function in GPAC MP4Box v2.4 has an Out-of-Memory error that allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55645
Medium

A heap buffer overflow in the gf_cenc_set_pssh function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

PreviousPage 101 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS