CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58053
Critical

A vulnerability in Gitea act_runner with Docker backend (up to act 0.262.0) allows bypassing privileged mode restrictions. By passing container options like --pid=host, --cap-add, and --security-opt, a user can access host namespaces and escalate privileges to root.

CVE-2026-12415
Critical

The Invoice Generator plugin for WordPress up to version 1.0.0 contains a privilege escalation vulnerability. Missing capability checks in the pravel_invoice_edit_account() AJAX action allow unauthenticated attackers to change the email address of any user, including administrators, and then use the password reset flow to take over the account.

CVE-2026-28701
CriticalEPSS 53%

A vulnerability in Daktronics Controller Firmware allows remote users (both authenticated and unauthenticated) to escape the intended directory and enumerate arbitrary file system paths.

CVE-2026-53576
Critical

In Kestra before versions 1.0.45 and 1.3.21, the REST API authentication filter bypasses credential checks for requests ending in '/configs'. An unauthenticated attacker can exploit this to create flows with Shell or Process tasks that execute as root inside the container, and via the mounted /var/run/docker.sock gain access to the host Docker daemon.

CVE-2026-49869
Critical

In Kestra OSS prior to versions 1.0.45 and 1.3.21, the AuthenticationFilter uses request.getPath().endsWith("/configs") to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match, any API path whose last segment is configs bypasses authentication entirely. An unauthenticated remote attacker can exploit this to create and execute arbitrary workflows without credentials.

CVE-2026-54352
Critical

Budibase before version 3.39.9 contains a vulnerability due to improper validation of symbolic links during ZIP file processing. A builder-level attacker can inject a symbolic link pointing to any file on the system, which will be read and uploaded to MinIO, then served via the API.

CVE-2026-54350
Critical

Budibase before version 3.39.12 contains a vulnerability that allows an unauthenticated user to read all documents from MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collections, and if a public write query exists, to modify all documents in a single HTTP request. The issue stems from improper input validation in the validateQueryInputs function, which only rejects Handlebars markers but does not escape JSON metacharacters, enabling injection of additional fields into the filter object.

CVE-2026-50137
Critical

Budibase prior to version 3.39.0 contains a vulnerability allowing an anonymous attacker to obtain a pre-signed PUT URL for any S3 bucket the victim has access to. The attack requires knowledge of a workspace ID and S3 datasource ID but no authentication.

CVE-2026-53309
Critical

In the Linux kernel, an off-by-one vulnerability was found in the OCFS2 file system's dlm_match_regions() function. The loop comparing local and remote regions uses '<=' instead of '<', causing a read beyond the valid range of the qr_regions array. Other loops in the same function correctly use '<'.

CVE-2026-52785
Critical

OpenProject before versions 17.3.3 and 17.4.1 contains a SQL injection vulnerability in the timestamps functionality. Attackers can exploit the timestamps parameter to execute unauthorized database queries.

CVE-2026-52782
Critical

In OpenProject prior to versions 17.3.3 and 17.4.1, an IDOR vulnerability exists in the endpoint /projects/<A>/settings/project_storages/<A_ps_id> via the PATCH parameter "storages_project_storage[project_folder_id]". A project administrator can hijack the managed Nextcloud or OneDrive folder of another project on the same storage, leading to unauthorized resource access.

CVE-2026-52780
Critical

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE).

CVE-2026-46386
Critical

The official openproject/openproject Docker image ships with a default SECRET_KEY_BASE=OVERWRITE_ME, which combined with cookies_serializer = :marshal allows any logged-in user a deterministic Marshal-deserialization path via the /my/two_factor_devices cookie reader. This vulnerability is fixed in a later version.

CVE-2026-33646
Critical

The mise tool prior to version 2026.3.10 processes .tool-versions files through the Tera template engine with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode, allowing an attacker to place a malicious file in a git repository and execute commands without a trust prompt.

CVE-2026-54636
Critical

A vulnerability in Dokku prior to version 0.38.7 allows escape from a Docker container via special shell characters in cron commands in the app.json file. An attacker can execute arbitrary commands on the host as the Dokku user.

CVE-2026-45408
Critical

A vulnerability in Dokku before version 0.38.2 allows remote code execution by an authenticated user. The app name validation permits shell metacharacters, which are then embedded unquoted into a git hook script, enabling arbitrary command execution as the dokku user.

CVE-2026-45406
Critical

Dokku before version 0.38.2 contains a vulnerability in the openresty-vhosts plugin that allows arbitrary command execution on the host as the dokku user. The issue stems from improper interpolation of filenames from the app's openresty/http-includes/ git repository directory into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution.

CVE-2026-45405
Critical

A vulnerability in Dokku prior to version 0.38.2 allows an attacker to write arbitrary files on the system by exploiting the git:from-archive and certs:add commands. The attacker can supply a crafted tar/zip archive containing symbolic links, which enables overwriting the ~/.ssh/authorized_keys file and gaining unrestricted shell access.

CVE-2026-0685
Critical

Server side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

CVE-2025-11919
Critical

The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath, leading to arbitrary code execution during JVM startup.

PreviousPage 11 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS