CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
The vulnerability allows a DoS attack via malformed HTTP/2 requests to NetScaler ADC and NetScaler Gateway. It occurs when HTTP/2 is enabled in the HTTP profile and associated with a virtual server (LB, CS, VPN) or a service configured on the device.
A flaw in the Identity Provider (IdP) mapper component of Keycloak allows an administrator with limited permissions to assign high-level administrative roles (e.g., realm-admin) to themselves or others by creating a 'Hardcoded Role' mapper. This bypasses security checks and grants full control over the entire realm.
Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread if the TCP Timestamp is enabled in the TCP Profile and associated with a virtual server (type LB, CS, VPN) or a configured service.
An unauthenticated attacker can read arbitrary files on NetScaler ADC and NetScaler Gateway if access to NSIP, Cluster Management IP, or SNIP with management access is enabled.
A Blind SQL Injection vulnerability was found in Eksagate SYSGUARD 6001 due to improper neutralization of special elements in SQL commands. The issue affects versions from 2.0.2 before 6.1.16.0, and the vendor no longer supports the product.
The vulnerability in the Net::BitTorrent library for Perl (versions up to 2.0.1) generates the 160-bit Diffie-Hellman private key for the MSE handshake using a non-cryptographic PRNG (rand()). Since random padding is sent in cleartext from the same generator, a passive observer can recover the PRNG state, then the private key and RC4 keys, allowing decryption of the connection.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows remote memory exhaustion via deeply nested bencoded input. The decoder has no recursion depth limit, causing O(N^2) memory consumption.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows remote memory exhaustion via an uncapped peer-wire message-length prefix. An attacker peer can send a length prefix up to 4 GiB followed by a byte stream, causing uncontrolled growth of the input buffer.
A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows writing files outside the download directory via path traversal in peer-supplied metadata. An attacker can exploit the ut_metadata extension (BEP09) to supply file names containing ".." sequences that are not properly validated.
Redeight CMS version 1.0 stores user passwords using the MD5 algorithm without a salt. MD5 is a cryptographically broken algorithm and the lack of salting allows attackers to easily reverse the hashes using rainbow tables.
An unrestricted file upload vulnerability in Redeight CMS 1.0 allows authenticated attackers to achieve remote code execution (RCE) via the POST /admin/index.php?module=pages&mode=FileAdd endpoint. The application fails to validate file extensions and MIME types, permitting arbitrary PHP scripts to be uploaded to the /uploads/files/ directory where they are executed by the web server.
An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, allowing unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.
Incorrect authentication caching in the team membership expansion of the Rancher Github authentication provider caused granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
A vulnerability in Advantech's Hospital Queuing Management allows unauthenticated remote attackers to access API documentation via a specific URL, leading to sensitive data exposure.
Hospital Quening Management by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.
DBIx::QuickORM before version 0.000026 for Perl is vulnerable to SQL injection via unquoted SQL identifiers. The default SQL builder does not set quote_char, causing identifiers to be emitted verbatim into SQL queries.
A missing authorization vulnerability was found in Apache ActiveMQ for temporary destinations. Temporary destinations are expected to be isolated to the connection that created them, but the isolation is only checked on the client side, allowing a different connection to consume from another connection's temporary destination.
A vulnerability in Apache ActiveMQ allows an authenticated user to cause a DoS attack on the broker by sending a crafted OpenWire message with an excessive map size value. The lack of size validation during deserialization of message property maps can trigger OOM and crash the broker.
A vulnerability in Apache ActiveMQ allows an unauthenticated client to send non-terminating header bytes via STOMP NIO, causing unlimited buffering and JVM heap exhaustion.
A Cross-site Scripting (XSS) vulnerability was found in Apache ActiveMQ and its Web Console. The browse page renders a message ID without sanitization, allowing an authenticated producer to send a crafted JMS message ID containing HTML/JavaScript. When an administrator browses the queue, the payload executes in their browser.

