CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
A flaw was found in binutils, specifically within the `readelf` utility, allowing a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted ELF file. Exploitation can lead to excessive resource consumption or a program crash, making the system unresponsive.
A vulnerability in Spring Security's SubjectX500PrincipalExtractor incorrectly handles malformed CN values in X.509 certificates, potentially reading the wrong username. A crafted certificate could allow an attacker to impersonate another user.
The DeepL Chrome browser extension versions from v1.22.0 to v1.23.0 contain a cross-site scripting vulnerability, allowing an attacker to execute arbitrary scripts in a user's browser and inject malicious HTML into web pages viewed by the user.
OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling. Attackers can inject arbitrary SQL expressions via the query= and filter= parameters for integer-mapped DAAP fields.
Vulnerability in the XML Database component of Oracle Database Server allows an unauthenticated attacker remote access via HTTPS to confidential data. It requires user interaction and is difficult to exploit.
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafted URLs containing the payload, potentially stealing session cookies or performing actions on behalf of affected users.
An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 allows an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface. The attack requires convincing an authenticated administrator to visit the “AP Select” page while a malformed SSID is present.
A vulnerability in StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 allows an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results they do not have access to.
In the Junrar library prior to version 7.5.10, a path traversal vulnerability in the `LocalFolderExtractor` class allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when extracting a crafted RAR archive.
Vvveb prior to version 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to bypass MIME type validation by prepending a GIF89a header to HTML/JavaScript payloads, then renaming the file to .html extension. This enables arbitrary JavaScript execution in an administrator's browser session, potentially leading to backdoor account creation and malicious plugin uploads for remote code execution.
W podatności CVE-2026-6369 występuje niewłaściwa kontrola dostępu w kliencie canonical-livepatch przed wersją 10.15.0, co pozwala lokalnemu użytkownikowi bez uprawnień na uzyskanie wrażliwego tokena uwierzytelniającego na poziomie roota poprzez wysłanie nieautoryzowanego żądania do gniazda Unix livepatchd.sock. Problem ten występuje na systemach, gdzie administrator włączył klienta Livepatch z ważną subskrypcją Ubuntu Pro.
A double-free and use-after-free vulnerability was found in the `IntoIter::drop` and `ThinVec::clear` functions of the thin_vec crate. A panic in `ptr::drop_in_place` skips resetting the length to zero.
A server-side request forgery (SSRF) vulnerability has been discovered in the RAGAS library up to version 0.4.3 in the Collections module. The functions _try_process_local_file/_try_process_url in util.py improperly validate the retrieved_contexts argument, allowing a remote attacker to make requests to internal resources. The exploit has been published, and the vendor did not respond.
In OpenFGA versions 0.1.4 through 1.13.1, when using preshared-key authentication with the playground enabled, the API key is included in the HTML response of the /playground endpoint. This endpoint is enabled by default and does not require authentication, potentially leaking sensitive credentials.
A vulnerability in Anviz CX7 firmware allows an authenticated attacker to upload a CSV file with path traversal, overwriting arbitrary files such as /etc/shadow. Combined with debug-setting changes, this can lead to unauthorized SSH access.
W składniku obsługi wolumenów w AWS EFS CSI Driver (aws-efs-csi-driver) przed wersją v3.0.1 występuje niewłaściwe neutralizowanie ograniczników argumentów, co pozwala zdalnym uwierzytelnionym użytkownikom z uprawnieniami do tworzenia PersistentVolume na wstrzykiwanie dowolnych opcji montowania za pomocą wstrzyknięcia przecinka.
A vulnerability in Red Magic 11 Pro (NX809J) allows non-privileged applications to trigger sensitive operations. The lack of validation for applications accessing the service interface enables an attacker to write files to specific partitions and set writable system properties.
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.
A path traversal vulnerability in OpenHarness prior to commit dd1d235 allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can bypass the project memory directory validation and access sensitive files accessible to the OpenHarness process.
The CVE-2026-21726 vulnerability allows an attacker to read files by exploiting double encoding in the namespace parameter at the Ruler API endpoint.

