CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-48108
Medium

Russh is a Rust SSH client & server library that from version 0.34.0-beta.1 to before version 0.61.0 did not enforce SSH identification-string rules as strictly as OpenSSH. This issue allowed the server to accept malformed identification lines, potentially leading to resource exhaustion during the pre-authentication phase.

CVE-2026-48107
Medium

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, leading to the use of that count without prior validation of the data.

CVE-2026-46705
Medium

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the user authentication state is kept internally, which may lead to incorrect processing of authentication requests when the user or service changes.

CVE-2026-46523
Medium

In ImageMagick prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free.

CVE-2026-45664
Medium

In ImageMagick prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the MNG coder allows reading more images than the list limit policy permits, resulting in excessive resource consumption.

CVE-2026-45624
Medium

ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 has a vulnerability that allows an out of bounds over-read of 24 bytes when performing polynomial distortion with specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

CVE-2026-45384
Medium

In the bit7z library prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.

CVE-2026-45359
Medium

In ImageMagick prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation.

CVE-2026-45358
Medium

ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 contained an 'off by one' error in the meta encoder, which could lead to an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

CVE-2026-45031
Medium

In ImageMagick prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the PSD decoder allowed bypassing the list-length resource policy when decoding a PSD image. Other security limits still applied.

CVE-2026-42326
Medium

ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 had a vulnerability that allowed an out of bounds read when writing an IPTC output file. This issue has been patched in the mentioned versions.

CVE-2026-11604
Medium

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win versions 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).

CVE-2026-0273
Medium

A command injection vulnerability in PAN-OS® allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. Exploiting this issue requires access to the PAN-OS CLI or Web UI.

CVE-2026-0272
Medium

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.

CVE-2026-0271
Medium

A privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices allows a local user to execute code with elevated privileges.

CVE-2026-0270
Medium

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network to write arbitrary files to the host.

CVE-2026-0269
Medium

CVE-2026-0269 is a memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software. It allows an authenticated user to initiate system reboots using a maliciously crafted packet.

CVE-2026-0268
Medium

CVE-2026-0268 is a security control bypass vulnerability in the Prisma Access Agent for Linux, allowing a local attacker to route network traffic outside the VPN tunnel.

CVE-2026-0267
Medium

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS allows a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the app. Once the passcode is known, the user can perform these actions even if the GlobalProtect configuration would not normally permit them.

CVE-2026-50127
Medium

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.

PreviousPage 115 of 513Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS