CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-49760
Medium

A stack-based buffer overflow vulnerability in Erlang OTP (erl_interface) allows for stack buffer overflow. The issue occurs in the ei_s_print_term function, which uses an internal 2000-character stack buffer to format terms.

CVE-2026-48860
Medium

A vulnerability relying on IP Address for Authentication in the inet_tls_dist module of Erlang/OTP allows unauthenticated bypass of the LAN allowlist for TLS distribution. The inet_tls_dist:check_ip/1 function incorrectly uses inet:sockname/1, leading to always successful subnet mask comparisons.

CVE-2026-48859
Medium

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh allows unauthenticated remote username enumeration via timing side-channel in password authentication. The timing difference in responses for valid and invalid usernames enables an attacker to distinguish them in a single authentication attempt.

CVE-2026-48858
Medium

A Server-Side Request Forgery (SSRF) vulnerability in the Erlang/OTP ftp_internal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The PASV handler does not validate the IP address, allowing a malicious FTP server to redirect the client's data connection to an arbitrary internal host and port.

CVE-2026-48856
Medium

Sensitive Data Exposure vulnerability in the httpc_response module of Erlang OTP allows retrieving embedded sensitive data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary.

CVE-2026-48855
Medium

A vulnerability in the ssh_sftpd module of Erlang OTP allows the exposure of sensitive information through file discovery. An authenticated SFTP client can create a symlink that reveals the absolute path to the SFTP root directory.

CVE-2026-48096
Medium

OpenFGA, an authorization engine, prior to version 1.16.0, had an issue with iterator caching where two distinct check requests could produce the same cache key. This led to the reuse of an earlier cached result for a subsequent request.

CVE-2026-45566
Medium

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the login flow improperly handles URLs, allowing for an open redirect attack.

CVE-2026-7516
Medium

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.

CVE-2026-45563
Medium

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the server_ip path parameter in GET /history/<service>/<server_ip> is reused as a user-id when service == 'user', with no authorization check.

CVE-2026-45561
Medium

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the URL path component verbatim, which may lead to unauthorized access.

CVE-2026-45560
Medium

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the wrap_line and highlight_word functions generate raw HTML without proper escaping, allowing for malicious code injection into access logs.

CVE-2026-45559
Medium

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the get_ldap_email function builds the LDAP search filter via f-string concatenation, allowing for the injection of additional clauses through improperly processed username URL path parameters.

CVE-2026-11884
Medium

A heap buffer overflow vulnerability was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges or a compromised replication supplier can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.

CVE-2025-10238
Medium

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).

CVE-2025-10237
Medium

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

CVE-2026-53442
Medium

Jenkins versions 2.567 and earlier, and LTS 2.555.2 and earlier do not encrypt secrets from POST config.xml submissions before storing them unencrypted in job configuration files. Secrets are stored in config.xml files in plaintext, allowing users with Item/Extended Read permissions or access to the Jenkins controller file system to view them.

CVE-2026-53441
Medium

A stored XSS vulnerability in Jenkins allows attackers with Agent/Configure permission to inject malicious scripts via an unescaped offline cause description set through the POST config.xml API. Affects Jenkins 2.483 through 2.567 and LTS 2.492.1 through 2.555.2.

CVE-2026-53440
Medium

Jenkins versions 2.567 and earlier, LTS 2.555.2 and earlier do not validate the safety of the 'from' parameter in the 'Delegate to servlet container' security realm, allowing attackers to perform phishing attacks by redirecting users to attacker-controlled domains.

CVE-2026-53439
Medium

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' 'My Views'.

PreviousPage 117 of 513Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS