CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
Wtyczki Mattermost w wersjach <=11.5, 11.1.5, 10.13.11 oraz 11.3.4.0 nieprawidłowo sprawdzają uprawnienia podczas przetwarzania poleceń w wtyczce Gitlab. To pozwala zwykłym użytkownikom na odinstalowanie instancji lub skonfigurowanie połączeń webhook za pomocą poleceń {{gitlab instance {option}}} lub {{/gitlab webhook {option}}}.
Wersje wtyczek Mattermost do 11.5, 11.1.5, 10.13.11 oraz 11.3.4.0 nie sprawdzają poprawnie ważnych przestrzeni nazw, co pozwala użytkownikom wtyczek na tworzenie subskrypcji do grup, które nie zostały zatwierdzone, poprzez tworzenie grup o tym samym prefiksie co grupa zatwierdzona.
Wersje wtyczek Mattermost do 11.5, 11.1.5, 10.13.11 oraz 11.3.4.0 nie mają odpowiednich kontroli na poziomie API dotyczących grup, do których użytkownik może tworzyć zgłoszenia lub dodawać komentarze. Umożliwia to użytkownikowi, będącemu członkiem wielu grup, tworzenie zgłoszeń w zablokowanej grupie za pomocą bezpośrednich żądań API.
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. Metric names were not checked for newlines, colons, or pipes, allowing additional metrics to be injected from untrusted sources.
Cockpit CMS up to version 2.14.0 contains a stored cross-site scripting vulnerability in the Set field type's Display template option. The template string is processed by the $interpolate function using new Function() and rendered via Vue's v-html directive without sanitization, allowing an attacker with content/:models/manage permission to inject arbitrary JavaScript.
In the ws WebSocket library for Node.js prior to version 8.20.1, a vulnerability in the websocket.close() implementation allows uninitialized memory disclosure when a TypedArray is passed as the reason argument.
Hedera Guardian through version 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint. Unauthenticated attackers can retrieve sensitive user information including usernames, Hedera DIDs, system roles, and policy assignments.
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions. The issue is due to a failure to redact sensitive information within device configurations and templates.
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated attacker with read-only permissions to elevate privileges to high. The issue is due to sensitive session information being recorded in audit logs.
Backstage to otwarte środowisko do budowania portali deweloperskich. W wersjach przed 0.6.11, nieprzetworzone encje w punktach końcowych @backstage/plugin-catalog-backend-module-unprocessed nie wymuszają sprawdzania uprawnień, co pozwala każdemu uwierzytelnionemu użytkownikowi na dostęp do nieprzetworzonych rekordów encji, niezależnie od ich właściciela.
Vvveb before version 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.
Vvveb before version 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow. The Signup::addUser() controller copies raw POST username values into the display_name field before sanitization, allowing attackers to inject HTML and script markup.
Verba jest podatna na atak typu Stored Cross-Site Scripting (XSS) w mechanizmie logowania. Nieautoryzowany atakujący może wprowadzić złośliwy ładunek XSS w polu nazwy użytkownika, który zostanie zapisany w logach aplikacji.
A covert timing channel in the comparison of MD5-hashed passwords during PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases, but databases may have MD5-hashed passwords from upgrades before PostgreSQL 13. Versions before 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Podinfo up to version 6.11.2 contains a reflected XSS vulnerability in the /echo and /api/echo endpoints. The echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers, allowing attackers to execute scripts in the podinfo origin context.
In OpenStack Ironic versions up to 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
Vulnerability in the ftpcp() function in Python's ftplib.py module. This function was not updated when CVE-2021-4189 was fixed, allowing an attacker to control the IP address and port passed to target.sendport().
Quark Drive before version 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page. The template renders push_config key names using Vue.js's v-html directive without escaping, allowing authenticated attackers to inject HTML or JavaScript payloads via the POST /update endpoint. The injected payload is persisted to disk and executed in the browsers of all authenticated users accessing the System Configuration tab.
In MISP, prior to version 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. An attacker could craft a malicious ordering parameter to manipulate the generated SQL query.
MISP is an open source threat intelligence and sharing platform. Prior to version 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation, allowing users to submit malformed UUID values, potentially leading to data integrity issues.

