CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-56779
Medium

MaxKB before version 2.10.0 contains a server-side request forgery (SSRF) vulnerability in tool creation and update endpoints. It allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters.

CVE-2026-56774
Medium

Kanboard versions up to 1.2.52 have a vulnerability that allows authenticated users to delete other users' 'Remember Me' sessions. The issue arises from a lack of validation of the session ID parameter in the UserViewController::removeSession method.

CVE-2026-56772
Medium

NewsBlur before version 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notifications by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification.

CVE-2026-56771
High

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration.

CVE-2026-56770
High

libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.

CVE-2026-56769
High

Huly Platform through version 0.7.423 contains an authenticated server-side request forgery (SSRF) vulnerability in the /import endpoint that allows workspace users to make arbitrary server requests.

CVE-2026-56768
High

A vulnerability in Seahub before version 13.0.23 allows unauthenticated users to bypass the SHARE_LINK_LOGIN_REQUIRED enforcement via a GET request to /api/v2.1/share-link-zip-task/. Attackers with a folder share-link token can obtain a fileserver zip token and download entire shared directory trees.

CVE-2026-56767
High

Maxun before version 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens.

CVE-2026-56766
High

Hydra up to version 9.7 contains a stack buffer overflow vulnerability in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing buffer overflow and enabling remote code execution.

CVE-2026-55667
High

In File Browser before version 2.63.16, an authenticated user with only Create permission can delete files outside their scope (including other tenants' data and the application's database) by exploiting the cleanup path after a failed upload. The ScopedFs.RemoveAll method bypasses symlink protections, and the direct upload handler calls it on a user-controlled path.

CVE-2026-54917
Critical

SeaweedFS before version 4.30 has a vulnerability due to improper path cleaning in S3 and Iceberg REST catalog routers. An attacker can use '..' sequences in a request to bypass access controls and read or write data in any bucket.

CVE-2026-54250
Medium

In K3s before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a path traversal vulnerability exists in the etcd snapshot decompression functionality. ZIP archives containing maliciously named members can be written to arbitrary filesystem locations when an administrator restores the archive as a compressed etcd snapshot.

CVE-2026-54097
High

File Browser before version 2.63.6 contains a vulnerability where a low-privileged authenticated user with create and delete permissions in their own isolated scope can permanently destroy share-link records belonging to other users, including the administrator. This is done by performing a legitimate DELETE operation on a file whose logical path is a byte-prefix of another user's stored share.Link.Path.

CVE-2026-54096
High

File Browser prior to version 2.63.7 allowed creating public shares for any path without verifying the existence of the file. When a file was created at that same location, the share became immediately active, leading to unauthorized access to files.

CVE-2026-54094
High

File Browser prior to version 2.63.14 does not prevent HTTP file handlers from following symbolic links, allowing users to cross their intended scope boundaries.

CVE-2026-54093
Medium

A vulnerability in File Browser prior to version 2.63.6 allows files with backslash characters in their names to be saved, potentially leading to unauthorized file writes outside the target directory when extracting the archive on Windows systems.

CVE-2026-54092
Medium

In File Browser before version 2.63.6, the maximum password length is not checked, allowing an arbitrarily long password to be sent to the login API. This causes a spike in CPU and memory usage, leading to container crashes and potentially disrupting the Docker daemon.

CVE-2026-54091
High

File Browser before version 2.63.6 contains a vulnerability due to incorrect path handling in public shares. An attacker who knows the URL of a public directory share can bypass rules blocking access to files and subdirectories located under the shared directory. The issue arises because the system rebases the filesystem root to the shared directory and then evaluates paths relative to it, instead of relative to the owner's original scope.

CVE-2026-54090
High

File Browser before version 2.33.8 allows bypassing the command allowlist using shell metacharacters. The allowlist only validates the first token of user input, but the entire raw string is passed to the shell, allowing arbitrary commands to be executed after a permitted one.

CVE-2026-54089
Critical

File Browser is a file management interface that, starting from version 2.0.0-rc.1, allows unauthenticated attackers to impersonate users, including admins, by sending a forged HTTP header. No credentials are required to gain access.

PreviousPage 170 of 4552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS