CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Pinpoint through version 3.1.0 contains an insecure session management vulnerability where the pinpointJwt session cookie lacks HttpOnly and Secure attributes. This allows attackers to access the cookie via JavaScript (document.cookie) and transmit it in cleartext over HTTP.
An SSRF vulnerability in Pinpoint through version 3.1.0 allows authenticated users to register internal URLs in the webhook registration endpoint due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to send POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.
A broken access control vulnerability in Invidious before version 2.20260626.0 allows unauthenticated attackers to retrieve private playlist contents via the RSS feed playlist endpoint. Attackers can supply a playlist ID to obtain the full playlist contents, owner email address, and associated video entries without authentication.
A broken access control vulnerability in PhotoPrism before version 260601-a7d098548 allows authenticated non-admin users to modify other users' profile information. The missing session-to-user identifier validation in the PUT users API endpoint enables attackers to overwrite another user's profile details without authorization.
A vulnerability in LibrePhotos before version 1.0.0 in the SetPhotosShared endpoint allows authenticated users to bypass ownership validation and grant themselves access to other users' private photos. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos.
LibreTranslate through version 1.9.7 has an IP spoofing vulnerability in the get_remote_address() function. An unauthenticated attacker can inject arbitrary values into the X-Forwarded-For header, bypassing per-IP rate limiting and flood bans.
Parseable before version 2.9.2 exposes webhook tokens and basic-auth credentials in cleartext via notification-target API endpoints due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets.
A vulnerability in Gorse before version 0.5.10 allows authentication bypass in the /api/dump and /api/restore endpoints. Unauthenticated attackers can exfiltrate the entire database containing personally identifiable information or completely overwrite the dataset.
A vulnerability in Teable before the June 15, 2026 build allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and read field values intended to be restricted from public view.
Modoboa before version 2.9.0 has an insecure direct object reference (IDOR) vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint. Domain administrators can change any user's password, including superadmins, leading to full account takeover.
A vulnerability in Nitter allows unauthenticated attackers to exploit the /video media proxy endpoint to send HTTP requests to any host reachable by the server, including cloud metadata services and internal network resources. The issue stems from missing validation of target URLs against Twitter/X domains and the use of a hardcoded default HMAC key.
A Directory Traversal vulnerability in Gigamon GVOS version 5.16.1 and below, located in the H-VUE subsystem, allows unauthorized access to files outside the application's root directory.
A vulnerability was found in the EtherNet IP Message Handler component of the CIPster library (up to commit e8e9dba09bf56962807d3504b783ccdb6287f3e4), involving an out-of-bounds write in the BufWriter::append function. Remote exploitation is possible and the exploit has been made public.
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. By supplying path parameters with directory traversal sequences (../), an attacker can bypass configured path restrictions and access unauthorized endpoints on the same target host.
In Snowflake CLI versions prior to 3.19, improper neutralization of parameters allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing unintended SQL execution in the context of the user's Snowflake session.
A vulnerability in Snowflake CLI prior to version 3.19 allows server-side request forgery (SSRF) due to improper handling of untrusted remote references in !source/!load directives. An attacker can supply crafted SQL content that, when processed through a vulnerable command path, causes unauthorized outbound requests to internal or non-public network locations and remote SQL execution in the victim's session.
A weakness in the Contact Tracking component of DeepMyst Mysti 0.4.0 involves improper authorization in the _isTrackedConversation function of src/managers/ChannelBridge.ts. The attack can be initiated remotely but requires high complexity and is considered difficult to exploit. A public exploit is available, increasing the attack risk.
A security flaw in PcapPlusPlus 25.05 affects the pcpp::ModbusLayer::getLength function in ModbusLayer.h. Manipulating the length argument causes a heap-based buffer overflow, which can be exploited remotely.
A heap-based buffer overflow vulnerability exists in PcapPlusPlus 25.05 in the pcpp::TelnetLayer::getSubCommand function of TelnetLayer.cpp. The attack can be initiated remotely but is difficult to exploit. A public exploit is available.
A heap-based buffer overflow vulnerability was found in PcapPlusPlus 25.05 in the function pcpp::SSLClientHelloMessage::getHandshakeVersion of SSLHandshake.cpp. An attacker can remotely manipulate the handshakeVersion argument, causing a buffer overflow. The attack complexity is high and exploitation is considered difficult, but the exploit has been publicly disclosed.

