CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, and from 4.3x before 5.2.*.
MCP Java SDK, the official Java SDK for Model Context Protocol servers and clients, had a hardcoded wildcard CORS vulnerability prior to versions 0.83.0, 1.0.1, and 1.1.1. This issue has been patched in the mentioned versions.
OpenStack Glance before versions 29.1.1, 30.1.1, and 31.0.0 is vulnerable to Server-Side Request Forgery (SSRF). An authenticated user can bypass URL validation checks using HTTP redirects to access internal services. The vulnerability affects only the image import functionality, specifically the web-download and glance-download import methods, as well as the optional ovf_process plugin.
In the Moby (Docker) framework prior to version 29.3.1, a vulnerability allows bypassing plugin privilege validation during installation. An error in the daemon's privilege comparison logic may cause it to accept a privilege set different from the one approved by the user, and for plugins requesting exactly one privilege, no comparison is performed at all.
In FreeRDP before version 3.24.2, a vulnerability in progressive_decompress_tile_upgrade() does not halt execution after detecting a mismatch, only logging a warning. Using a wrapped value (247) as a shift exponent causes undefined behavior and an approximately 80 billion iteration loop, resulting in CPU denial of service (DoS).
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information.
Multiple stored cross-site scripting (XSS) vulnerabilities were found in the Edit feature of the Software Package List page in IngEstate Server v11.14.0. Attackers can inject malicious payloads into the About application, What's news, or Release note parameters, leading to arbitrary script or HTML execution.
A vulnerability in BTstack prior to version 1.8.1 allows an out-of-bounds read in the AVRCP Browsing Target GET_FOLDER_ITEMS handler due to missing packet boundary and attribute count validation. A paired Bluetooth Classic attacker can trigger crashes and corrupt attribute bitmap state.
A flaw was found in libsoup that allows sensitive session cookies to be transmitted in cleartext during the establishment of HTTPS tunnels through a configured HTTP proxy. Attackers can intercept these cookies, leading to potential session hijacking or user impersonation.
W jądrze systemu Linux zidentyfikowano podatność, która została naprawiona. Problem dotyczy możliwego wycieku pamięci w wyrażeniu stanowym w ścieżce błędu, gdy klonowanie drugiego wyrażenia stanowego nie powiedzie się.
A vulnerability in Appsmith versions prior to 1.98 exposes sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains.
OpenBao versions prior to 2.5.2 with OIDC/JWT authentication enabled and a role configured with `callback_mode=direct` are vulnerable to XSS via the `error_description` parameter on the failed authentication page. An attacker can steal the token used in the Web UI by a victim.
In Blog.Core up to version bcb4d17, the getinfobytoken API interface has improper access control leading to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.
A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
A resample query can lead to out-of-memory crashes in Grafana.
A vulnerability in public dashboards and direct data-sources exposes passwords of all direct data-sources, even if not used in dashboards. Passwords of proxied data-sources are not exposed.
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.
A stored cross-site scripting vulnerability in the artifacts API of ByteDance DeerFlow prior to commit 5dbb362 allows attackers to inject malicious HTML or JavaScript by uploading it as artifacts. The code executes in the browser context when users view the artifacts.
Sending a "NOOP (((...)))" command with 4000 parentheses increases memory usage by about 1 MB. Longer commands cause client disconnection. An attacker can keep this memory allocated by not sending the line feed (LF) character.
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

