CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw.
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw.
In MIT Kerberos 5 (krb5) before 1.22.3, an integer underflow and resultant out-of-bounds read occur if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
In MIT Kerberos 5 (krb5) before version 1.22.3, there is a NULL pointer dereference when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 allows an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.
In Spring Boot, values produced by ${random.value} are not suitable for use as secrets due to a weak PRNG. ${random.uuid} is not affected, while ${random.int} and ${random.long} should never be used for secrets because of their predictable numeric range.
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter.
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community version 2.3.5 and earlier. An attacker can inject malicious JavaScript code via the doctype parameter in public/view.php.
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to perform directory traversal operations.
SmarterTools SmarterMail w wersjach przed 9610 zawiera słabość kryptograficzną w punktach końcowych udostępniania plików i e-maili, wykorzystującą szyfrowanie DES-CBC z kluczami i wektorami inicjalizacyjnymi pochodzącymi z System.Random, co prowadzi do ograniczonej przestrzeni nasion do około 19 000 możliwych wartości. Atakujący bez uwierzytelnienia może wykorzystać punkt końcowy pobierania załączników jako oracle do określenia używanego nasienia i wyprowadzenia kluczy szyfrujących oraz wektorów inicjalizacyjnych, co pozwala na fałszowanie tokenów udostępniania dla dowolnych e-maili, załączników lub zawartości przechowywanych plików bez wcześniejszego dostępu do docelowej zawartości.
W jądrze systemu Linux zidentyfikowano podatność związaną z walidacją zagnieżdżonych nagłówków VLAN w funkcji tcf_csum_act(). Błąd polega na tym, że kod nie sprawdza, czy pełny nagłówek VLAN jest dostępny w liniowym obszarze przed jego odczytem, co może prowadzić do naruszenia zasad integralności skb.
W jądrze systemu Linux zidentyfikowano podatność w module netfilter, która dotyczy walidacji kodowania zakresu w funkcji checkentry. Funkcja ports_match_v1() błędnie traktuje niezerowe wpisy pflags jako początek zakresu portów, co może prowadzić do nieprawidłowej interpretacji reguł.
In LangChain before version 1.1.2, an SSRF vulnerability exists in HTMLHeaderTextSplitter.split_text_from_url(). Although the initial URL is validated, redirects are not checked, allowing an attacker to access internal network resources.
CyberPanel versions prior to 2.4.4 have a stored XSS vulnerability in the AI Scanner dashboard. The unauthenticated POST /api/ai-scanner/callback endpoint allows attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records.
The Axios library versions 1.0.0 through 1.15.1 are vulnerable to a Prototype Pollution 'Gadget' attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses. The default transformResponse function calls JSON.parse with an unvalidated parseReviver, enabling attackers to selectively modify individual values in responses, leading to privilege escalation, balance manipulation, or authorization bypass.
The Axios library before versions 1.15.1 and 0.31.1 is vulnerable to a Prototype Pollution attack that silences all HTTP error responses (401, 403, 500, etc.), treating them as successful. The root cause is the use of the `in` operator in the `mergeDirectKeys` merge strategy for the `validateStatus` property, allowing polluted prototypes to affect validation logic.
A vulnerability in the rust-openssl library (versions 0.9.24 through 0.10.78) causes the PSK and cookie callbacks to not validate the user closure's return value against the buffer size. This can lead to buffer overflows and other unintended consequences.
An information leak was discovered in the build_report() function in the xfrm_user subsystem of the Linux kernel. The xfrm_user_report structure contains unzeroed padding bytes that are copied to userspace, potentially exposing kernel memory.
A vulnerability in the Linux kernel's rfkill mechanism allows userspace to create an unlimited number of rfkill events without consuming them from the file descriptor, potentially leading to an out-of-memory condition.

