CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the wrap_line and highlight_word functions generate raw HTML without proper escaping, allowing for malicious code injection into access logs.
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the get_ldap_email function builds the LDAP search filter via f-string concatenation, allowing for the injection of additional clauses through improperly processed username URL path parameters.
A heap buffer overflow vulnerability was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges or a compromised replication supplier can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
Jenkins versions 2.567 and earlier, and LTS 2.555.2 and earlier do not encrypt secrets from POST config.xml submissions before storing them unencrypted in job configuration files. Secrets are stored in config.xml files in plaintext, allowing users with Item/Extended Read permissions or access to the Jenkins controller file system to view them.
A stored XSS vulnerability in Jenkins allows attackers with Agent/Configure permission to inject malicious scripts via an unescaped offline cause description set through the POST config.xml API. Affects Jenkins 2.483 through 2.567 and LTS 2.492.1 through 2.555.2.
Jenkins versions 2.567 and earlier, LTS 2.555.2 and earlier do not validate the safety of the 'from' parameter in the 'Delegate to servlet container' security realm, allowing attackers to perform phishing attacks by redirecting users to attacker-controlled domains.
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' 'My Views'.
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.
A vulnerability in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.
Jenkins versions 2.567 and earlier, LTS 2.555.2 and earlier improperly determine that a redirect URL after login legitimately points to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.
Ghidra before version 12.1 contains a heap-use-after-free vulnerability in the HighVariable::merge() function during the variable merging pass. Attackers can exploit this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced.
Ghidra before version 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Ghidra before version 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd, caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API.
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie(). The lack of cycle detection when processing Mach-O binary files leads to unbounded queue growth and exponential string concatenation.
Debusine is an integrated solution to build, distribute, and maintain a Debian-based distribution. The parser used to read manifest files accepted arbitrary fully user-controlled paths, potentially allowing the creation of arbitrary symbolic links on a worker.
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.

