CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
In the PKCS#7 decode path of the wolfSSL library, the caller-supplied output buffer size (outputSz) is ignored, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL version 5.9.0 and earlier, and was fixed in release 5.9.1.
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun.
Integer underflow in wc_PKCS7_DecryptOri when processing crafted Other Recipient Info, leading to incorrect length handling during decryption.
A vulnerability in the ParseCRL_Extensions function allows bypassing critical CRL extensions, enabling a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where the crafted CRL has a trusted signature during parsing.
The vulnerability concerns issues with certificate policy and RFC 8446 compliance, involving the continued acceptance of SHA-1 and MD5 algorithms in certificate processing.
The vulnerability in the qrscp application consists of the C-STORE handler using a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
A reachable unwrap in the __assert_fail function of relibc (commit 61f42d) allows attackers to cause a Denial of Service (DoS) via a crafted string.
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
An insecure permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component.
The vulnerability in OHIF Viewer involves two default data sources (DICOMWebProxy and DICOMJSON) that fetch an arbitrary URL parameter without validation. A global authentication service automatically injects the authenticated user's OIDC Bearer token into requests, sending it to an attacker-controlled server. DICOMweb data sources are not affected.
Use-after-free vulnerability in PQC hybrid key-share handling. This is an incomplete fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
A vulnerability in Bitwarden Server before version 2026.5.0 allows JSON injection via the IntegrationTemplateProcessor.ReplaceTokens() function, which substitutes user-controlled values into event integration templates without JSON encoding. An authenticated organization member can set their display name to JSON metacharacters and inject arbitrary key-value pairs into rendered payloads delivered to webhook, SIEM, Slack, Teams, or Datadog endpoints.
A broken access control vulnerability in Bitwarden Server before 2026.5.0 allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks.
A privilege escalation vulnerability in Bitwarden Server before 2026.5.0 allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization. This is due to a missing role hierarchy check in the bulk user-remove endpoint.
Vulnerability in the WolfSSL library involves accepting intermediate certificates with CA:TRUE but without the keyCertSign key usage as signing CAs. Previously, temporary CAs added during certificate path building (WOLFSSL_TEMP_CA) were exempt from this check, allowing invalid certificates to be accepted. Now the check applies to temporary CAs as well, except for operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed ones.
The vulnerability allows an un-negotiated Raw Public Key (RFC 7250) to be accepted in place of an X.509 certificate, bypassing chain validation. This only affects builds with Raw Public Key support (HAVE_RPK) enabled, which is disabled by default but included with --enable-all.
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. The tsip_StoreMessage() function fails to return after exceeding the 8 KB limit, causing heap corruption and potential remote denial of service.
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
The WebP decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.
An insecure permissions vulnerability in MSI NBFoundation Service v2.0.2506.1201 allows a remote attacker to obtain sensitive information via weak 3DES-ECB encryption.

