CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability was found in the LLVM project up to version 22.1.6 in the GCRelocateInst::getBasePtr function within IntrinsicInst.cpp. Manipulating input data in Bitcode file handling causes a heap-based buffer overflow. The attack can be launched locally, and the exploit has been publicly disclosed.
A vulnerability was found in llvm-project up to version 22.1.6 in the function llvm::StringMap::insert within the ValueSymbolTable component. Data manipulation leads to a stack-based buffer overflow. Local access is required, and the exploit has been made public.
A cross-site scripting vulnerability was found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php. Manipulating the full_name argument in the user registration endpoint allows remote script execution. The exploit is publicly available.
A security flaw has been discovered in CodeAstro Complaint Management System 1.0, affecting the Report Handler component. Manipulation of the Report Title argument in the /report/addreport file leads to cross-site scripting (XSS). Remote exploitation is possible, and the exploit has been publicly released.
Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 lack firmware update validation. This issue affects versions before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.
A weakness in the ISOBMFF Parser component of GPAC up to version 26.02.0 affects the file src/utils/base_encoding.c. A local attacker can trigger manipulation leading to highly compressed data, potentially causing uncontrolled data expansion after decompression. A public exploit increases the risk of attacks.
A weakness has been identified in Chess Play and Learn App up to version 4.9.42 on Android, involving processing of AndroidManifest.xml in the com.chess component. This manipulation leads to exposure of backup file to an unauthorized control sphere. The attack requires physical access to the device.
A vulnerability was found in VoltAgent up to version 2.1.17 in the Memory REST API component. The function handleGetMemoryConversation in memory.handlers.ts improperly authorizes access after manipulation of the conversationId argument. The attack can be performed remotely but is difficult to exploit due to high complexity.
A vulnerability was found in SimStudioAI sim up to version 0.6.92 in the password protection handler component (apps/sim/lib/core/security/deployment.ts). Manipulation leads to use of a weak hash, enabling a remote attack with high complexity. The exploit has been made public and a fix is pending.
A cross-site scripting vulnerability was found in Project Management System 1.0 in the /mail.php file (Mail Compose Page). The attack can be performed remotely and exploit details are publicly available.
A flaw has been found in ComfyUI-Copilot up to version 2.0.28 in the Workflow Checkpoint Restore Handler. The issue involves improper control of resource identifiers due to unknown processing in backend/controller/conversation_api.py. The attack can be performed remotely but is difficult due to high complexity.
A vulnerability was found in the MQTT Goodbye Handler component in file main/protocols/mqtt_protocol.cc of xiaozhi-esp32 up to version 2.2.6. Manipulation of the session_id argument in the Application::GetInstance function leads to a denial of service. The attack is remote but requires high complexity.
A security vulnerability has been detected in GLPI versions 11.0.5, 11.0.6, and 11.0.7 in the Document Handler component. The function Document::canViewFile in front/document.send.php improperly validates the docid argument, leading to authorization bypass. The attack can be executed remotely but is difficult to exploit due to high complexity.
A weakness has been identified in the MCP Response Handler component of 78 xiaozhi-esp32 up to version 2.2.6, involving improper synchronization in the ParseMessage function of main/mcp_server.cc. Remote exploitation is possible but considered difficult due to high attack complexity.
A vulnerability has been found in arc53 DocsGPT up to version 0.18.0 in the encrypt_credentials function within application/security/encryption.py. It involves insufficient verification of data authenticity, potentially allowing remote attacks. Although the exploit is difficult, it has been published and may be used.
A vulnerability was found in skypilot up to version 0.12.0, affecting the username.encode function in sky/users/server.py of the User ID Handler component. Manipulation leads to use of weak hash, enabling a remote attack with high complexity.
A vulnerability in 7-Zip for Windows up to version 26.02 allows bypassing the Mark-of-the-Web when extracting a crafted RAR5 archive. The guard mechanism checks for the exact name 'Zone.Identifier' but fails to handle STM records named ':Zone.Identifier:$DATA', which NTFS canonicalizes to the same stream, overwriting the Internet zone marker with ZoneId=0. A second STM record '::$DATA' overwrites the default data stream of the extracted file, enabling an attacker to bypass SmartScreen/MotW warnings and spoof file content.
A vulnerability in Dragonfly before version 1.39.9 allows RESP protocol injection via the redis.error_reply() function in Lua within EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients.
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
A vulnerability in Mattermost allows an authenticated attacker to exfiltrate data by injecting Markdown image syntax into AI bot tool result posts. Markdown image rendering restrictions are not properly applied to AI bot tool result posts, enabling data leakage to an attacker-controlled server when rendered by a victim's client.

