CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
MiniGal Nano version 0.3.5 and prior contain a reflected XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response.
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. A remote attacker with an administrator account can exploit this vulnerability to launch a denial-of-service (DoS) attack.
Podatność CVE-2025-10912 dotyczy oprogramowania TemizlikYolda firmy Saastech Cleaning and Internet Services Inc. i polega na obejściu autoryzacji poprzez manipulację zmiennymi kontrolowanymi przez użytkownika.
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implementation does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits.
In the cryptography library before version 46.0.5, there is a missing validation that the public key point belongs to the expected prime-order subgroup of the curve. This affects functions like public_key_from_numbers, load_der_public_key, and load_pem_public_key, allowing an attacker to provide a point from a small-order subgroup. Only SECT curves are impacted, potentially leading to private key leakage in ECDH and signature forgery in ECDSA.
A flaw in the user interface of Microsoft Exchange Server leads to misrepresentation of critical information, allowing an unauthorized attacker to perform spoofing over a network.
A flaw in GnuTLS allows a denial of service (DoS) attack via specially crafted certificates with a large number of name constraints and subject alternative names (SANs), causing excessive CPU and memory consumption.
Podatność na niebezpieczne przechowywanie wrażliwych informacji w aplikacji Senseway firmy Birtech Information Technologies Industry and Trade Ltd. Co. umożliwia odzyskiwanie osadzonych danych wrażliwych. Problem ten dotyczy wersji Senseway do 09022026.
Podatność CVE-2025-7708 w oprogramowaniu K12net firmy Atlas Educational Software Industry Ltd. Co. polega na wstawieniu wrażliwych informacji do wysyłanych danych, co umożliwia manipulację kanałem komunikacyjnym.
A security flaw in WukongCRM up to version 11.3.3 affects the URL Handler component in PermissionServiceImpl.java. Manipulation leads to improper authorization, allowing remote exploitation. A public exploit is available, and the vendor has not responded.
In WeKan versions prior to 8.19, there is an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement.
An IDOR vulnerability in the card comment creation API of WeKan versions prior to 8.19 allows an authenticated user to spoof the comment author by supplying another user's identifier in the request. This compromises data integrity.
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
An authorization vulnerability in WeKan versions prior to 8.19 allows certain card update API paths to validate only board read access instead of requiring write permission.
WeKan versions prior to 8.19 have an information disclosure vulnerability in attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing metadata to unauthorized users.
In Vim, prior to version 9.1.2132, a heap buffer overflow vulnerability exists in the tag file resolution logic related to the 'helpfile' option. This issue occurs in the get_tagfname() function and involves copying the user-controlled 'helpfile' option value into a fixed-size buffer without bounds checking.
A path traversal vulnerability in My Text Editor v1.6.2 allows attackers to write files to internal storage, potentially causing a Denial of Service (DoS).
Nsauditor Product Key Explorer version 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
A race condition in the Linux kernel's SCSI layer can prevent the error handler from waking up when final commands complete concurrently. The issue stems from memory ordering problems and incorrect sequencing between counting busy commands and incrementing the failed counter. This can cause I/O on the SCSI host to become stuck in an error state.
A bug was found in the Linux kernel's hugetlb_pmd_shared() function, which incorrectly detects PMD table sharing for hugetlb pages. Instead of using the dedicated share count (pt_share_count), the function still relied on the refcount, causing shared PMD tables not to be recognized as shared. This leads to incorrect page migration (e.g., mbind) and wrong reporting in smaps and pagemap interfaces.

