CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
In Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint. It allows an authenticated attacker with administrator role privileges to cross a security boundary and delete files.
A vulnerability in the 'submitted together' feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the topic tag of an unapproved change.
vLLM is an inference and serving engine for large language models. From versions 0.18.0 to before 0.20.0, the extract_hidden_states function in vLLM returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError and crashing the EngineCore process.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition without user interaction.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application without user interaction.
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.
An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
W programie Microsoft Office Word pliki lub katalogi dostępne dla osób zewnętrznych umożliwiają nieautoryzowanemu atakującemu ujawnienie informacji lokalnie.
W Microsoft Edge (oparty na Chromium) występuje błąd w interfejsie użytkownika, który prowadzi do błędnej prezentacji krytycznych informacji. Umożliwia to nieautoryzowanemu atakującemu przeprowadzenie ataku typu spoofing w sieci.
A NULL Pointer Dereference vulnerability in Illustrator versions 29.8.6, 30.3 and earlier could lead to a denial-of-service (DoS) condition via application crash. Exploitation requires user interaction to open a malicious file.

