CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
In MISP before version 2.5.28, there is an XSS vulnerability in app/View/Elements/Workflows/executionPath.ctp, allowing for the injection of malicious code in the workflow execution path.
A use-after-free vulnerability in WebKit was fixed with improved memory management. The issue affects Safari and Apple systems before the specified updates.
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 allow unauthenticated LAN gRPC requests, enabling administrative actions. The cross-origin policy can be bypassed by omitting a Referer header. An attacker can read tilt, rotation, and elevation data, making it easier to infer the dish's geographical location.
A flaw in glib allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in the GIO escape_byte_string() function when processing malicious file or remote filesystem attribute values.
An unauthenticated attacker within BLE range can send shutdown, restart, or clear config commands to Meatmeet devices, causing denial of service. The device loses cloud connectivity until manually reconfigured or restarted.
CSRF vulnerability in 1Panel versions 1.10.33 through 2.0.15 in the panel name management functionality. Lack of CSRF defenses (tokens, Origin/Referer validation) allows an attacker to change the victim's panel name without consent via a crafted webpage.
Podatność CVE-2025-13125 dotyczy DijiDemi i polega na obejściu autoryzacji poprzez klucz kontrolowany przez użytkownika, co umożliwia wykorzystanie zaufanych identyfikatorów. Problem ten będzie aktualny do 28.11.2025.
A flaw in GLib (Gnome Lib) allows a remote attacker to cause heap corruption via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings, leading to denial of service or potential code execution.
A vulnerability in ColdFusion allows an attacker to gain limited unauthorized write access due to insufficiently protected credentials. The flaw stems from improper storage or transmission of authentication data. Exploitation does not require user interaction.
An XXE vulnerability in ColdFusion allows unauthorized file system reads on the server. Affected versions include 2025.4, 2023.16, 2021.22 and earlier. An attacker can exploit this to access sensitive files, though exploitation depends on conditions beyond the attacker's control.
A flaw in the user interface of Microsoft Exchange Server leads to misrepresentation of critical information, allowing an unauthorized attacker to perform spoofing over a network.
A cross-site scripting (XSS) vulnerability was found in phpIPAM v1.7.3 in the Request IP form. It allows remote attackers to inject arbitrary web script or HTML via the instructions parameter at the /app/admin/instructions/edit-result.php endpoint.
Podatność CVE-2025-6924 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co pozwala na wystąpienie ataków typu Reflected XSS.
Podatność CVE-2025-6923 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software UNIS, co pozwala na ataki typu Reflected XSS.
Podatność CVE-2025-10876 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Talent Software e-BAP Automation, co umożliwia ataki typu Cross-Site Scripting (XSS). Problem ten dotyczy wersji e-BAP Automation od 1.8.96 do przed v.41815.
In the Attachment service of usememos memos v0.25.2, a lack of file name validation allows attackers to perform a path traversal. This vulnerability enables access to files outside the intended directory.
An incorrect access control vulnerability in the Identity Provider service of usememos memos v0.25.2 allows low-privileged attackers to arbitrarily modify or delete registered identity providers. This can lead to account takeover or Denial of Service (DoS).
W wielu plikach istnieje możliwość ujawnienia informacji między użytkownikami z powodu braku sprawdzenia uprawnień. Może to prowadzić do lokalnego ujawnienia informacji bez potrzeby dodatkowych uprawnień wykonawczych.
In usememos memos version 0.25.2, incorrect access control allows attackers with low-level privileges to arbitrarily modify or delete attachments created by other users.
In usememos memos version 0.25.2, an incorrect access control allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

