CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-37453
High

An insecure permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe.

CVE-2026-37149
High

A SQL injection vulnerability was discovered in the scost parameter in /grocery/search_products.php of GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. This allows attackers to access sensitive database information via a crafted SQL statement.

CVE-2026-2299
Medium

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.

CVE-2026-12340
High

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service).

CVE-2026-11310
High

The vulnerability allows bypassing X.509 trust-chain validation in the wolfSSL_X509_verify_cert() function of the wolfSSL library. It only affects builds with --enable-opensslextra (OPENSSL_EXTRA) and applications that call X509_verify_cert() with caller-supplied untrusted intermediate certificates. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate.

CVE-2026-10592
Medium

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.

CVE-2026-10512
High

The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret.

CVE-2026-10097
High

The AVX2-optimized ML-KEM implementation in wolfSSL compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts differing solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security.

CVE-2025-60465
Medium

A use-after-free vulnerability was found in the gf_filter_pid_inst_swap function of GPAC/MP4Box before version 26.02.0. An attacker can supply a crafted media file to cause a Denial of Service (DoS).

CVE-2025-60464
High

A use-after-free vulnerability was found in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC/MP4Box before version 26.02.0. Attackers can cause a Denial of Service (DoS) by supplying a crafted MPEG-2 TS file.

CVE-2026-57700
Critical

The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.

CVE-2026-56790
High

In CANBoat through version 6.22 (fixed in commit a5a22b7), an off-by-one global buffer overflow vulnerability exists in the searchForPgn() function in analyzer/pgn.c. Attackers can send a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP, causing an out-of-bounds array access and application crash.

CVE-2026-56789
Medium

RTKLIB through version 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c. Attackers can exploit this by providing a malicious RINEX file with more than 64 satellites per epoch, leading to heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications such as rnx2rtkp and RTKPOST.

CVE-2026-56788
Medium

RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

CVE-2026-56787
Medium

An off-by-one out-of-bounds read vulnerability in RTKLIB through version 2.4.3 in the decode_ssr3 function at src/rtcm3.c:1446 allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields.

CVE-2026-56786
Critical

RTKLIB through version 2.4.3 contains an out-of-bounds write vulnerability in the decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.

CVE-2026-56779
Medium

MaxKB before version 2.10.0 contains a server-side request forgery (SSRF) vulnerability in tool creation and update endpoints. It allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters.

CVE-2026-56774
Medium

Kanboard versions up to 1.2.52 have a vulnerability that allows authenticated users to delete other users' 'Remember Me' sessions. The issue arises from a lack of validation of the session ID parameter in the UserViewController::removeSession method.

CVE-2026-56772
Medium

NewsBlur before version 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notifications by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification.

CVE-2026-56771
High

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration.

PreviousPage 229 of 4630Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS