CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A DNS rebinding authentication bypass vulnerability in Vibe-Trading before 0.1.10 allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to 0.0.0.0 with credentialed CORS. Attackers can craft a malicious DNS rebinding page to issue authenticated requests to the local API server, reach the shell execution endpoint with a bash-enabled preset, and achieve remote code execution as the API process user while also overwriting LLM and data-source settings to exfiltrate credentials.
DeepTutor before version 1.4.10 contains an authorization bypass vulnerability allowing low-privilege users to invoke unrestricted MCP tools. The allowed_mcp_tools function returns None instead of a denied result when mcp_tools is omitted from a user's grant.
A vulnerability in Nightingale (n9e) before version 9.0.0-beta.2 allows any authenticated low-privilege user (Standard role) to read full datasource configurations, including database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys. This occurs via the POST /api/n9e/datasource/list endpoint, which lacks admin authorization, and the DatasourceFilter does not redact secret fields.
OpenBMB ChatDev through version 2.2.0 contains a path traversal vulnerability in the file upload endpoint. An unauthenticated attacker can write or delete arbitrary files on the server by sending a malicious filename with path traversal sequences.
In OpenZiti through version 2.0.0 (fixed in commit 3027fdf), a privilege escalation vulnerability exists. An authenticated non-admin identity with fine-grained enrollment management permissions can create an enrollment token for any identity, including the default administrator, because the ApplyCreate function in controller/model/enrollment_manager.go only verifies the target identity exists without performing authorization checks binding the caller to the target identity.
A vulnerability in the Microsoft.OpenApi library (OpenAPI.NET SDK) can cause process termination due to stack overflow when parsing an OpenAPI document with a circular schema reference. The issue affects versions from 2.0.0-preview11 to 2.7.5 and 3.5.4, confirmed for both JSON and YAML readers.
A race condition in Zephyr's asynchronous SNTP client closes the UDP socket from the calling thread without synchronizing with the poll thread, leading to use-after-free of net_context structures.
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device initiates teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the peer concurrently sends its own DISC frame for dlci 0, rfcomm_handle_disc() calls rfcomm_session_disconnected(), which unconditionally forces the session to BT_RFCOMM_STATE_DISCONNECTED without calling bt_l2cap_chan_disconnect(). This permanently wedges the session: the L2CAP channel is never released and the session slot in the bt_rfcomm_pool[] array is never reclaimed.
In the Zephyr net_buf library, non-atomic operations on reference counters were found. Under concurrency (SMP or single-core preemption), double freeing of a buffer can occur, leading to heap corruption and use-after-free.
A vulnerability in Zephyr's DNS resolver (subsys/net/lib/dns) allows out-of-bounds read due to insufficient validation of rdlength in dns_unpack_answer(). An attacker can craft a DNS response with an oversized rdlength, causing memory disclosure or denial of service.
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and the scope is changed.
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows bypassing path restrictions. An attacker can gain limited read and write access to unauthorized files or directories outside intended restrictions. Exploitation does not require user interaction.
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows unauthorized file system read and limited write access outside the intended directory. An attacker can exploit this without user interaction, gaining access to sensitive files.
Reflected XSS vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier. An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. User interaction (clicking a malicious link) is required.
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction and the scope is changed.
An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.
A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the scope is changed.
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows a remote attacker to execute arbitrary code in the context of the current user without requiring user interaction. The issue stems from improper limitation of a pathname to a restricted directory.
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
A vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier is caused by improper input validation, potentially leading to remote arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.

