CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win versions 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).
A command injection vulnerability in PAN-OS® allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. Exploiting this issue requires access to the PAN-OS CLI or Web UI.
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
A privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices allows a local user to execute code with elevated privileges.
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network to write arbitrary files to the host.
CVE-2026-0269 is a memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software. It allows an authenticated user to initiate system reboots using a maliciously crafted packet.
CVE-2026-0268 is a security control bypass vulnerability in the Prisma Access Agent for Linux, allowing a local attacker to route network traffic outside the VPN tunnel.
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS allows a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the app. Once the passcode is known, the user can perform these actions even if the GlobalProtect configuration would not normally permit them.
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option.
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping, potentially allowing malicious code execution.
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl do not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, creating a risk.
The CleanWipe Removal Tool (macOS) prior to version 16.0.0.65 may be susceptible to a Local Privilege Escalation vulnerability. An attacker with limited access can escalate their privileges to gain administrative control.
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before version 1.8.2 may allow an unauthenticated remote actor to cause a denial of service by sending crafted QUIC Initial packets.
Fission is a serverless framework, native to Kubernetes, that prior to version 1.25.0 improperly validated the RelativeURL and Prefix fields in HTTPTriggerSpec.Validate(). These fields were only validated at the CLI level, allowing URL checks to be bypassed using kubectl or direct Kubernetes REST API calls.
Fission, a Kubernetes-native serverless framework, prior to version 1.24.0, created builder pods with auto-mounted service account tokens, potentially leading to unauthorized access to resources. This issue has been patched in version 1.24.0.
The draw.io application prior to version 29.7.12 contains a vulnerability that allows arbitrary JavaScript execution through a crafted .drawio file. The issue lies in the Text Format panel where the raw cell label is assigned to an element without proper sanitization.
Fission is a serverless framework, Kubernetes-native, that prior to version 1.23.0 had a security vulnerability. In pkg/builder/builder.go, the Environment.spec.builder.command was passed without validation, allowing arbitrary code execution in the builder pod context.
In Splunk SOAR versions below 8.5.0, an unauthenticated attacker could inject ANSI escape codes into SOAR application log files through specially crafted HTTP request paths. The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user with a role containing the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

