CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Russh is a Rust SSH client & server library that from version 0.34.0-beta.1 to before version 0.61.0 did not enforce SSH identification-string rules as strictly as OpenSSH. This issue allowed the server to accept malformed identification lines, potentially leading to resource exhaustion during the pre-authentication phase.
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, leading to the use of that count without prior validation of the data.
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the user authentication state is kept internally, which may lead to incorrect processing of authentication requests when the user or service changes.
In ImageMagick prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free.
In ImageMagick prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the MNG coder allows reading more images than the list limit policy permits, resulting in excessive resource consumption.
ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 has a vulnerability that allows an out of bounds over-read of 24 bytes when performing polynomial distortion with specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
In the bit7z library prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
In ImageMagick prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation.
ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 contained an 'off by one' error in the meta encoder, which could lead to an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
In ImageMagick prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the PSD decoder allowed bypassing the list-length resource policy when decoding a PSD image. Other security limits still applied.
ImageMagick prior to versions 6.9.13-47 and 7.1.2-22 had a vulnerability that allowed an out of bounds read when writing an IPTC output file. This issue has been patched in the mentioned versions.
An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win versions 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).
A command injection vulnerability in PAN-OS® allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. Exploiting this issue requires access to the PAN-OS CLI or Web UI.
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
A privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices allows a local user to execute code with elevated privileges.
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network to write arbitrary files to the host.
CVE-2026-0269 is a memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software. It allows an authenticated user to initiate system reboots using a maliciously crafted packet.
CVE-2026-0268 is a security control bypass vulnerability in the Prisma Access Agent for Linux, allowing a local attacker to route network traffic outside the VPN tunnel.
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS allows a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the app. Once the passcode is known, the user can perform these actions even if the GlobalProtect configuration would not normally permit them.
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.

