CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial() without validation. For VMIs using non-masquerade network bindings (bridge or secondary-only), this IP is reported by the QEMU guest agent running inside the VM and is fully controllable by the VM owner.
A flaw in KubeVirt's virt-handler network cache handling allows a user with access to the virt-launcher container to overwrite arbitrary host files with JSON content and change their ownership by planting a symlink at the cache file path.
A flaw was found in the Pen Drive report generator where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored XSS payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.
A vulnerability in Apicurio Registry occurs because DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, although it blocks external DTD and schema access. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant), causing CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.
In Cacti versions 1.2.30 and prior, a package import signature validation bypass allows self-signed packages. This issue has been fixed in version 1.2.31.
Cacti versions 1.2.30 and prior are vulnerable to Path Traversal via the Report format_file parameter, allowing arbitrary file read. The vulnerability involves two stages: stored injection without validation and subsequent file read using an unsanitized path.
Cacti versions 1.2.30 and prior have an SQL injection vulnerability in managers.php due to unsanitized unserialize and implode operations. The lack of integer validation on deserialized array values allows attackers with SNMP agent management permissions to execute arbitrary SQL commands.
Cacti versions 1.2.30 and prior do not call session_regenerate_id() after successful login, allowing Session Fixation attacks. An attacker can fixate a session and hijack it after the victim logs in.
Cacti versions 1.2.30 and prior are vulnerable to Open Redirect due to using str_contains() for referer checking instead of full host validation. An attacker can craft a malicious Referer header to redirect the user to an attacker-controlled site after login.
The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions in the wolfSSL library have an issue when the key length exceeds the block size, resulting in a MAC that is independent of the input data. When a key is too long, the hashing state is reset, causing the loss of message data.
A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.
The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.
Vulnerability in EVP_DigestVerifyFinal allows forgery of zero-length HMAC tags. In the OpenSSL-compatible HMAC verification path, only the supplied signature length not exceeding the MAC length was checked, allowing zero-length or truncated tags to be accepted. The fix requires the supplied tag length to exactly equal the MAC length and rejects zero-length tags.
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path.
The vulnerability in PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.
The vulnerability allows an out-of-bounds write in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list, potentially leading to a buffer overflow.
Vulnerability in TLS/DTLS implementation where, when HAVE_ENCRYPT_THEN_MAC is configured, the system may incorrectly fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC.
Vulnerability in TLS 1.3 post-handshake authentication (PHA) where a server could accept a client's Finished message without requiring a certificate and CertificateVerify. The issue was due to incorrectly applying the empty certificate exemption intended only for the initial handshake, also during an outstanding post-handshake CertificateRequest.
The WebSocket backend uses predictable session identifiers because multiple endpoints can connect using the same session identifier. This allows unauthorized users to impersonate others or cause a denial-of-service condition by overwhelming the backend with valid session requests.
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.

