CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-58169
High

A DNS rebinding authentication bypass vulnerability in Vibe-Trading before 0.1.10 allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to 0.0.0.0 with credentialed CORS. Attackers can craft a malicious DNS rebinding page to issue authenticated requests to the local API server, reach the shell execution endpoint with a bash-enabled preset, and achieve remote code execution as the API process user while also overwriting LLM and data-source settings to exfiltrate credentials.

CVE-2026-58168
High

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability allowing low-privilege users to invoke unrestricted MCP tools. The allowed_mcp_tools function returns None instead of a denied result when mcp_tools is omitted from a user's grant.

CVE-2026-58167
Medium

A vulnerability in Nightingale (n9e) before version 9.0.0-beta.2 allows any authenticated low-privilege user (Standard role) to read full datasource configurations, including database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys. This occurs via the POST /api/n9e/datasource/list endpoint, which lacks admin authorization, and the DatasourceFilter does not redact secret fields.

CVE-2026-58166
Critical

OpenBMB ChatDev through version 2.2.0 contains a path traversal vulnerability in the file upload endpoint. An unauthenticated attacker can write or delete arbitrary files on the server by sending a malicious filename with path traversal sequences.

CVE-2026-58165
High

In OpenZiti through version 2.0.0 (fixed in commit 3027fdf), a privilege escalation vulnerability exists. An authenticated non-admin identity with fine-grained enrollment management permissions can create an enrollment token for any identity, including the default administrator, because the ApplyCreate function in controller/model/enrollment_manager.go only verifies the target identity exists without performing authorization checks binding the caller to the target identity.

CVE-2026-49451
High

A vulnerability in the Microsoft.OpenApi library (OpenAPI.NET SDK) can cause process termination due to stack overflow when parsing an OpenAPI document with a circular schema reference. The issue affects versions from 2.0.0-preview11 to 2.7.5 and 3.5.4, confirmed for both JSON and YAML readers.

CVE-2026-10655
Medium

A race condition in Zephyr's asynchronous SNTP client closes the UDP socket from the calling thread without synchronizing with the poll thread, leading to use-after-free of net_context structures.

CVE-2026-10654
Low

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device initiates teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the peer concurrently sends its own DISC frame for dlci 0, rfcomm_handle_disc() calls rfcomm_session_disconnected(), which unconditionally forces the session to BT_RFCOMM_STATE_DISCONNECTED without calling bt_l2cap_chan_disconnect(). This permanently wedges the session: the L2CAP channel is never released and the session slot in the bt_rfcomm_pool[] array is never reclaimed.

CVE-2026-10653
Medium

In the Zephyr net_buf library, non-atomic operations on reference counters were found. Under concurrency (SMP or single-core preemption), double freeing of a buffer can occur, leading to heap corruption and use-after-free.

CVE-2026-10652
Medium

A vulnerability in Zephyr's DNS resolver (subsys/net/lib/dns) allows out-of-bounds read due to insufficient validation of rdlength in dns_unpack_answer(). An attacker can craft a DNS response with an oversized rdlength, causing memory disclosure or denial of service.

CVE-2026-48315
Critical

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and the scope is changed.

CVE-2026-48314
Medium

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows bypassing path restrictions. An attacker can gain limited read and write access to unauthorized files or directories outside intended restrictions. Exploitation does not require user interaction.

CVE-2026-48313
Critical

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows unauthorized file system read and limited write access outside the intended directory. An attacker can exploit this without user interaction, gaining access to sensitive files.

CVE-2026-48307
High

Reflected XSS vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier. An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. User interaction (clicking a malicious link) is required.

CVE-2026-48286
Critical

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction and the scope is changed.

CVE-2026-48285
High

An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.

CVE-2026-48283
Critical

A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the scope is changed.

CVE-2026-48282
CriticalActively exploitedEPSS 87%

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows a remote attacker to execute arbitrary code in the context of the current user without requiring user interaction. The issue stems from improper limitation of a pathname to a restricted directory.

CVE-2026-48281
CriticalEPSS 54%

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVE-2026-48277
CriticalEPSS 54%

A vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier is caused by improper input validation, potentially leading to remote arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.

PreviousPage 240 of 4691Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS