CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-32175
Medium

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system.

CVE-2026-32170
Medium

Podatność CVE-2026-32170 dotyczy podwójnego zwolnienia pamięci w edytorze Rich Text w systemie Windows, co pozwala autoryzowanemu atakującemu na lokalne podniesienie uprawnień.

CVE-2025-53680
Medium

An OS Command Injection vulnerability in Fortinet FortiAP allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

CVE-2026-8391
Medium

An unspecified vulnerability was discovered in the JavaScript Engine component of Firefox and Thunderbird. The flaw is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

CVE-2026-8388
Medium

A vulnerability in the JavaScript Engine: JIT component of Firefox and Thunderbird is caused by incorrect boundary conditions. The flaw was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

CVE-2026-42006
Medium

A vulnerability in IMAP handling allows an attacker to cause uncontrolled memory usage through excessive bracing. The fix for CVE-2026-27857 was incomplete, blocking only one attack vector while leaving another open. Attackers can use open braces to bypass the limit and increase memory usage up to the configured memory limit.

CVE-2026-41125
Medium

Zidentyfikowano podatność w różnych wersjach urządzeń blueplanet, która umożliwia atakującemu z odpowiednimi uprawnieniami wykorzystanie luk w zabezpieczeniach związanych z niewłaściwą neutralizacją specjalnych elementów w poleceniu SQL. Atak ten może prowadzić do podniesienia uprawnień w lokalnej sieci.

CVE-2025-40948
Medium

A vulnerability in RUGGEDCOM ROX devices allows an authenticated remote attacker to read arbitrary files from the OS filesystem with root privileges. The issue stems from improper input validation in the web server's JSON-RPC interface.

CVE-2026-1681
Medium

A vulnerability in the operating system allows a stack overflow by sending an ICMP ping to the device's own IPv4 address using the `net ping` command. This causes recursive processing of the packet in the network stack, leading to a stack overflow in the system work-queue stack.

CVE-2026-40135
Medium

W systemie SAP NetWeaver Application Server dla ABAP oraz platformy ABAP występuje podatność na wstrzykiwanie poleceń systemowych, która pozwala uwierzytelnionemu atakującemu z dostępem administracyjnym na wykonanie specjalnie przygotowanych poleceń powłoki na serwerze, omijając mechanizm logowania.

CVE-2026-27682
Medium

W wyniku podatności na odzwierciedlone ataki XSS w SAP NetWeaver Application Server ABAP, nieautoryzowany atakujący może stworzyć URL, który wykorzystuje niechroniony parametr URL do osadzenia złośliwego skryptu. Kliknięcie w taki link przez ofiarę prowadzi do wykonania złośliwej treści w kontekście przeglądarki ofiary.

CVE-2026-28946
Medium

A use-after-free issue was addressed with improved memory management in Safari and macOS Tahoe. The issue is fixed in Safari 26.5 and macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2026-28942
Medium

A use-after-free vulnerability was addressed with improved memory management in Safari. The issue is fixed in Safari 26.5, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2026-28903
Medium

A vulnerability in WebKit may cause a process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling.

CVE-2026-28902
Medium

A vulnerability in WebKit allows a process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling.

CVE-2026-28901
Medium

A vulnerability in WebKit allows a process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling.

CVE-2026-4891
MediumEPSS 92%

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

CVE-2026-36906
Medium

A Cross-Site Scripting (XSS) vulnerability has been discovered in IoTGateway version 3.0.1 within the Log Record Function. This allows a remote attacker to execute arbitrary JavaScript code in the victim's browser.

CVE-2026-6815
Medium

W Casdoorze występuje podatność na zapis dowolnych plików w dostawcy lokalnego systemu plików. Z powodu niewystarczającej sanitizacji ścieżek, uwierzytelniony atakujący z uprawnieniami administratora może przeprowadzić atak typu Path Traversal, aby tworzyć lub nadpisywać dowolne pliki w systemie plików hosta.

CVE-2026-1677
Medium

In Zephyr, sockets created with `IPPROTO_TLS_1_3` can negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS. Applications assuming `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses.

PreviousPage 230 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS