CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-24464
MediumEPSS 55%

In Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint. It allows an authenticated attacker with administrator role privileges to cross a security boundary and delete files.

CVE-2026-2725
Medium

A vulnerability in the 'submitted together' feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the topic tag of an unapproved change.

CVE-2026-44223
Medium

vLLM is an inference and serving engine for large language models. From versions 0.18.0 to before 0.20.0, the extract_hidden_states function in vLLM returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError and crashing the EngineCore process.

CVE-2026-34688
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-34680
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-34679
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application.

CVE-2026-34678
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.

CVE-2026-34677
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.

CVE-2026-34673
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.

CVE-2026-34672
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application.

CVE-2026-34671
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition without user interaction.

CVE-2026-34670
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-34669
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-34668
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application.

CVE-2026-34667
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application without user interaction.

CVE-2026-34666
Medium

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-44279
Medium

An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.

CVE-2026-40421
Medium

W programie Microsoft Office Word pliki lub katalogi dostępne dla osób zewnętrznych umożliwiają nieautoryzowanemu atakującemu ujawnienie informacji lokalnie.

CVE-2026-35429
Medium

W Microsoft Edge (oparty na Chromium) występuje błąd w interfejsie użytkownika, który prowadzi do błędnej prezentacji krytycznych informacji. Umożliwia to nieautoryzowanemu atakującemu przeprowadzenie ataku typu spoofing w sieci.

CVE-2026-34662
Medium

A NULL Pointer Dereference vulnerability in Illustrator versions 29.8.6, 30.3 and earlier could lead to a denial-of-service (DoS) condition via application crash. Exploitation requires user interaction to open a malicious file.

PreviousPage 229 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS