CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier allows a low-privileged user to link their zones to banners or campaigns owned by other managers on the same instance.
Langflow before version 1.9.0 contains an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints allow reading, modifying, renaming, or permanently deleting other users' data (messages, sessions, build artifacts, LLM transaction logs) without verifying resource ownership. An attacker only needs to supply the target's resource ID or flow_id.
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users.
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 may allow arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed.
A vulnerability in tarfile.extractall() with the 'data' or 'tar' filter can be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name. The validation checks the symlink at its archived location but recreates it at the hardlink's shallower path, allowing escape from the destination directory.
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Uncontrolled Search Path Element vulnerability in ABB Control Builder A and ABB 800xA for Advant Master. This affects Control Builder A through 1.4/4 and 800xA for Advant Master through versions 6.0.3-1, 6.1.1-1, 6.1.1-3, 6.2.0-1.
The /issue and /pr_comments slash commands in OpenHarness lack remote_invocable=False protection, allowing remote senders to inject attacker-controlled Markdown into project context files.
In the OpenHarness ohmo gateway, the /resume and /summary commands have the default remote_invocable set to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private data such as prompts, credentials, and file paths.
NanoClaw before version 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups.
NanoClaw before version 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.

