CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-57520
High

A privilege escalation vulnerability in Bitwarden Server before 2026.5.0 allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization. Attackers exploit a missing role hierarchy check in the bulk user-remove endpoint to bypass the guard enforced on the single-user removal path.

CVE-2026-55964
Medium

Vulnerability in the WolfSSL library involves accepting intermediate certificates with CA:TRUE but without the keyCertSign key usage as signing CAs. Previously, temporary CAs added during certificate path building (WOLFSSL_TEMP_CA) were exempt from this check, allowing invalid certificates to be accepted. Now the check applies to temporary CAs as well, except for operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed ones.

CVE-2026-55960
High

The vulnerability allows an un-negotiated Raw Public Key (RFC 7250) to be accepted in place of an X.509 certificate, bypassing chain validation. This only affects builds with Raw Public Key support (HAVE_RPK) enabled, which is disabled by default but included with --enable-all.

CVE-2026-55958
High

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. The tsip_StoreMessage() function fails to return after exceeding the 8 KB limit, causing heap corruption and potential remote denial of service.

CVE-2026-46602
High

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

CVE-2026-46601
High

The WebP decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

CVE-2026-37453
High

An insecure permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe.

CVE-2026-37149
High

A SQL injection vulnerability was discovered in the scost parameter in /grocery/search_products.php of GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. This allows attackers to access sensitive database information via a crafted SQL statement.

CVE-2026-2299
Medium

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.

CVE-2026-12340
High

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service).

CVE-2026-11310
High

The vulnerability allows bypassing X.509 trust-chain validation in the wolfSSL_X509_verify_cert() function of the wolfSSL library. It only affects builds with --enable-opensslextra (OPENSSL_EXTRA) and applications that call X509_verify_cert() with caller-supplied untrusted intermediate certificates. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate.

CVE-2026-10592
Medium

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.

CVE-2026-10512
High

The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret.

CVE-2026-10097
High

The AVX2-optimized ML-KEM implementation in wolfSSL compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts differing solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security.

CVE-2025-60465
Medium

A use-after-free vulnerability was found in the gf_filter_pid_inst_swap function of GPAC/MP4Box before version 26.02.0. An attacker can supply a crafted media file to cause a Denial of Service (DoS).

CVE-2025-60464
High

A use-after-free vulnerability was found in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC/MP4Box before version 26.02.0. Attackers can cause a Denial of Service (DoS) by supplying a crafted MPEG-2 TS file.

CVE-2026-57700
Critical

The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.

CVE-2026-56786
Critical

RTKLIB through version 2.4.3 contains an out-of-bounds write vulnerability in the decode_type1033 function that fails to clamp length counters to the destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.

CVE-2026-56770
High

libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.

CVE-2026-56768
High

A vulnerability in Seahub before version 13.0.23 allows unauthenticated users to bypass the SHARE_LINK_LOGIN_REQUIRED enforcement via a GET request to /api/v2.1/share-link-zip-task/. Attackers with a folder share-link token can obtain a fileserver zip token and download entire shared directory trees.

PreviousPage 199 of 4569Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS