CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-27955
Medium

Coolify prior to version 4.0.0-beta.464 has a vulnerability in the executeInDocker() helper that wraps commands in bash -c without escaping single quotes. The docker_compose_custom_build_command and docker_compose_custom_start_command fields are interpolated directly, allowing an attacker to break out of the bash -c argument and execute arbitrary commands on the managed server host.

CVE-2026-27883
Medium

Coolify prior to version 4.0.0-beta.464 has a vulnerability in the GET /api/v1/deployments/{uuid} endpoint that allows any authenticated user to access deployment details of any team, bypassing team-based authorization. The issue stems from the $teamId extracted from the authentication token not being used to scope the database query.

CVE-2026-27882
Medium

Coolify prior to version 4.0.0-beta.461 uses a non-constant-time string comparison operator (!==) to validate the GitLab webhook secret token. This allows an attacker to gradually discover the secret token by measuring response time differences (timing attack).

CVE-2026-27881
Medium

Coolify prior to version 4.0.0-beta.464 has a vulnerability in the `GET /api/v1/deployments/{uuid}` endpoint that does not validate whether the deployment belongs to the authenticated user's team. Any authenticated API user can read deployment details from other teams by providing a valid deployment UUID.

CVE-2026-35098
Medium

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate-limiting enables efficient brute-force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where passwords are restricted to a six-digit numeric format, this becomes a critical issue, as such passwords can be brute-forced in a relatively short time.

CVE-2026-35097
Medium

The KTM e-BOK system enforces a maximum password length of six numeric digits and does not allow alphabetic, special, or extended characters. This issue was fixed in the patch released in June 2026.

CVE-2026-35096
Medium

KTM e-BOK system is vulnerable to Cross‑Site Request Forgery (CSRF) in email-change and password-change functionalities. An authenticated user can be tricked into performing unauthorized changes without their knowledge.

CVE-2026-35095
Medium

The vulnerability in KTM e-BOK allows an attacker to set the session identifier before authentication. If a cookie with a valid name is set, its value remains unchanged after successful login, enabling session hijacking.

CVE-2026-14241
Critical

Memory safety bugs were found in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and could potentially be exploited to run arbitrary code with enough effort. This vulnerability was fixed in Firefox 152.0.4.

CVE-2026-14178
Medium

In openGauss, when processing to_timestamp calls with NLS parameters, to_timestamp_with_fmt_nls() stores nls_fmt_str in u_sess->parser_cxt.nls_fmt_str. In the seqscan + sort execution path, this string is allocated in the SeqScan expression context; after SeqScan completes, the memory context is reset, but the output phase timestamp_out() still accesses u_sess->parser_cxt.nls_fmt_str via CheckNlsFormat(), causing a heap-use-after-free. An attacker with SQL execution privileges can craft a specific to_timestamp(..., ..., nlsparam) query to trigger this, leading to backend process crash and denial of service.

CVE-2025-53648
Medium

A SQL misconfiguration in the Gravitino UI, versions 1.0.0 and below, allows a malicious user to read or truncate files. The issue is fixed in version 1.0.0.

CVE-2026-8655
Critical

Multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway can lead to unpredictable or erroneous behavior and Denial of Service (DoS). The vulnerability occurs when NetScaler ADC is configured as an Oracle load balancer, DNS proxy, or DNS recursive resolver.

CVE-2026-8452
Critical

A memory overflow vulnerability in NetScaler ADC and NetScaler Gateway can lead to unpredictable or erroneous behavior and Denial of Service (DoS) if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVE-2026-8451
High

Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread when the device is configured as a SAML IDP.

CVE-2026-8403
Medium

A stored cross-site scripting (XSS) vulnerability was found in Eksagate SYSGUARD 6001 due to improper input neutralization during web page generation. It affects versions from 2.0.2 up to (but not including) 6.1.4.0. The vendor was contacted and confirmed the product is no longer supported.

CVE-2026-6556
Critical

In @fastify/express versions 4.0.6 and earlier, plugin prefixes are not applied to middleware mount paths when they are arrays or regular expressions. Consequently, middleware registered this way is not executed for requests to prefixed routes, allowing security mechanisms to be bypassed.

CVE-2026-58374
Medium

In hostapd before version 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame with a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14), causing an out-of-bounds write and small memory corruption before the 4-way handshake.

CVE-2026-58116
Critical

LLaMA-Factory through version 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True parameter, causing the Hugging Face transformers library to fetch and execute arbitrary code from a remote or local model repository with the privileges of the server process.

CVE-2026-58016
High

A flaw was found in GLib where a state confusion issue in g_dbus_node_info_new_for_xml() when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>, can cause an unsigned integer overflow and out-of-bounds read, leading to a denial of service.

CVE-2026-58015
Medium

A flaw was found in GLib's D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply path traversal sequences. This enables the client to read arbitrary files and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

PreviousPage 259 of 4708Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS