CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
File Browser prior to version 2.63.6 had a vulnerability in the Hook Authentication feature that allowed delegating login verification to an external shell command. User-supplied credentials were interpolated into this command string without sanitization, enabling remote attackers to execute arbitrary OS commands before any authentication.
Glances is a system monitoring tool that, from versions 4.0.8 to 4.5.5, has a vulnerability in the secure_popen() function. This function interprets redirection, pipe, and command chaining operators without validation, allowing unauthorized actions on the system.
Vulnerability in Cursor before version 3.0 allows a malicious agent to write files outside the workspace without user approval. The agent uses an in-workspace symlink pointing outside and forces path canonicalization to fail, resulting in writing to an arbitrary location. This enables non-sandboxed remote code execution, e.g., by overwriting the sandbox helper.
A vulnerability in Cursor before version 3.0 allows a malicious agent to modify the working_directory parameter, enabling file writes outside the intended workspace. This can lead to remote code execution without user interaction, e.g., by overwriting the cursorsandbox helper.
A vulnerability in the SYMCRYPTO hardware module (SiXG301) allows weakening of DPA (Differential Power Analysis) countermeasures by forcing specific seed values. An attacker with code execution capability on the device can reduce the entropy of protection mechanisms, increasing the risk of cryptographic key extraction.
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser.
In Glances before version 4.5.5, a vulnerability exists in the XML-RPC server. When the CORS origin list (cors_origins) contains more than one entry, the implementation incorrectly sets the Access-Control-Allow-Origin header to *, allowing access from any origin. A malicious web page can thus read the full system monitoring dataset without the victim's knowledge.
Glances is a system monitoring tool that prior to version 4.5.5 used pickle.load() to read a version-check cache file. The lack of integrity checks and format validation before deserialization allows an attacker with access to this file to plant a malicious pickle file, leading to arbitrary code execution.
Glances is a system monitoring tool that prior to version 4.5.5 had a vulnerability in the KVM/QEMU monitoring engine. VM domain names were passed into command templates without proper sanitization, allowing users with the ability to create or rename virtual machines to execute arbitrary commands.
The HTTP/2-to-HTTP/1.1 codec in swift-nio-http2 did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. Version 1.44.1 adds validation of all pseudo-headers (:path, :authority, :scheme, :method, :status) at both the HPACK header validation layer and the HTTP/2-to-HTTP/1.1 translation layer, rejecting requests or responses containing CR, LF, or NUL bytes.
In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
Bleichenbacher padding oracle vulnerability in PKCS#7 KTRI decryption in wolfSSL. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, the library returned distinguishable error codes depending on whether RSA padding validation failed or the decrypted content was malformed. This allowed an attacker to incrementally recover the Content Encryption Key (CEK) by observing error responses.
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
A vulnerability in the wolfSSL library allows accepting a certificate chain that terminates at an untrusted intermediate certificate instead of a trusted anchor. The issue occurs in partial-chain verification mode (X509_V_FLAG_PARTIAL_CHAIN) and affects the OpenSSL-compatible certificate path building path.
A vulnerability in AES-GCM implementation allows counter wrap and keystream reuse when processing extremely large single messages (>64 GiB) via streaming APIs, leading to plaintext recovery.
Vulnerability in wolfSSL library affects PKCS7_verify() function, which incorrectly returned success for degenerate PKCS#7 objects containing only certificates, without a signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content.
The pnpm package manager from version 11.3.0 to 11.5.3 has a vulnerability where the `pnpm stage download` command derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file.
In pnpm prior to versions 10.34.2 and 11.5.3, a vulnerability was discovered where manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest and pass path.join(globalBinDir, binName) to removeBin. For "." this targets the global bin directory; for ".." this targets its parent.
pnpm package manager prior to versions 10.34.2 and 11.5.3 persists bootstrap metadata in the first YAML document of pnpm-lock.yaml. A malicious repository can bypass fresh package-manager resolution and cause pnpm to install and execute arbitrary code during automatic version switching.

