CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2025-65887
Medium

A division-by-zero vulnerability was found in the flow.floor_divide() component of OneFlow v0.9.0. An attacker can cause a Denial of Service (DoS) by providing a crafted input tensor containing zero.

CVE-2026-1489
Medium

W GLib znaleziono lukę, która polega na przepełnieniu całkowitym w implementacji konwersji wielkości liter Unicode. Przetwarzając specjalnie przygotowane i niezwykle duże ciągi Unicode, atakujący może wywołać niewłaściwą alokację pamięci, co prowadzi do zapisów poza przydzielonym obszarem pamięci.

CVE-2026-1484
Medium

W bibliotece GLib znaleziono błąd w procedurze kodowania Base64, który występuje podczas przetwarzania bardzo dużych danych wejściowych. Niewłaściwe użycie typów całkowitych podczas obliczania długości może prowadzić do błędnego obliczenia granic bufora, co skutkuje zapisem pamięci poza przydzielonym buforem.

CVE-2025-9820
Medium

A flaw was found in the GnuTLS library in the gnutls_pkcs11_token_init() function handling PKCS#11 token initialization. Processing a token label longer than expected causes a stack buffer overflow, potentially leading to application crashes or code execution.

CVE-2025-11065
Medium

A flaw in the mapstructure library for Go causes information disclosure through detailed error messages. The WeakDecode function may leak sensitive input values in error messages when processing malformed data.

CVE-2026-23011
Medium

A vulnerability in the Linux kernel's IP over GRE (ip_gre) driver allows a system crash via kernel panic due to insufficient buffer space checks before adding the GRE header. This can be triggered by specially crafted network traffic, leading to a skb_under_panic error.

CVE-2026-23005
Medium

A vulnerability in the Linux kernel's XSAVE/XRSTOR mechanism for KVM virtual machines was found. When XSTATE_BV indicates an enabled feature that is disabled by XFD, attempting to restore that state via XRSTOR causes a #NM fault and kernel panic. This occurs when loading guest state via KVM_SET_XSAVE or updating XFD in response to guest WRMSR.

CVE-2025-71163
Medium

In the Linux kernel, a vulnerability in the idxd DMA driver causes device reference leaks during compat bind and unbind operations. Failure to release references leads to improper memory management.

CVE-2025-52023
Medium

A vulnerability in the PHP backend of gemscms.aptsys.com.sg (through May 28, 2025) allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This is achieved by sending specially crafted HTTP GET/POST requests to public API endpoints.

CVE-2025-52022
Medium

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg (up to 2025-05-28) allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This is achieved by sending specially crafted HTTP GET/POST requests to public API endpoints.

CVE-2025-71177
Medium

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can inject malicious HTML or JavaScript into the Name or Description fields, which is stored and later rendered without proper output encoding in search results. When other users view these results, the script executes in their browsers.

CVE-2026-22994
Medium

A reference count leak was discovered in the Linux kernel's bpf_prog_test_run_xdp() function. The issue occurs when the error handling path fails to call xdp_convert_buff_to_md(), causing a network interface (e.g., sit0) to remain stuck and preventing its release.

CVE-2026-22982
Medium

A crash occurs in the ocelot network driver (Microsemi) when adding an interface to a LAG group. The bug is a NULL pointer dereference in ocelot_set_aggr_pgids() for unregistered ports (ocelot_vsc7514.c frontend).

CVE-2026-22979
Medium

A memory leak in the Linux kernel's skb_segment_list() function used for GRO packet segmentation. The leak stems from outdated truesize accounting after commit ed4cccef64c1 changed fragment orphaning, preventing socket deallocation.

CVE-2025-71161
Medium

In the Linux kernel, a vulnerability in dm-verity's recursive forward error correction (FEC) was found. Recursive calls can cause denial-of-service due to up to 4 billion iterations and overwrite shared buffers, breaking correction logic.

CVE-2025-2204
Medium

Podatność CVE-2025-2204 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Tap&Sign firmy Tapandsign Technologies. Umożliwia to ataki typu Cross-Site Scripting (XSS).

CVE-2025-69612
MediumEPSS 55%

A path traversal vulnerability exists in TMS Management Console 6.3.7.27386.20250818 from TMS Global Software. The 'Download Template' function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

CVE-2025-4763
Medium

Podatność CVE-2025-4763 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w systemie Hotel Guest Hotspot firmy Aida Computer Information Technology Inc. Umożliwia to ataki typu Reflected XSS.

CVE-2026-23960
Medium

Stored XSS vulnerability in Argo Workflows allows arbitrary JavaScript execution in another user's browser via artifact directory listing. Affects versions prior to 3.6.17 and 3.7.8.

CVE-2026-22977
Medium

A vulnerability in the Linux kernel causes a system panic when copying sk_buff.cb data to userspace via sock_recv_errqueue. The issue stems from the skbuff_fclone_cache lacking a usercopy whitelist, triggering a BUG() when CONFIG_HARDENED_USERCOPY is enabled. The fix uses a local stack variable as a bounce buffer to bypass the hardened usercopy check.

PreviousPage 292 of 597Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS