CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
In the Linux kernel, a vulnerability in the idxd DMA driver causes device reference leaks during compat bind and unbind operations. Failure to release references leads to improper memory management.
A vulnerability in the PHP backend of gemscms.aptsys.com.sg (through May 28, 2025) allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This is achieved by sending specially crafted HTTP GET/POST requests to public API endpoints.
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg (up to 2025-05-28) allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This is achieved by sending specially crafted HTTP GET/POST requests to public API endpoints.
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can inject malicious HTML or JavaScript into the Name or Description fields, which is stored and later rendered without proper output encoding in search results. When other users view these results, the script executes in their browsers.
A reference count leak was discovered in the Linux kernel's bpf_prog_test_run_xdp() function. The issue occurs when the error handling path fails to call xdp_convert_buff_to_md(), causing a network interface (e.g., sit0) to remain stuck and preventing its release.
A crash occurs in the ocelot network driver (Microsemi) when adding an interface to a LAG group. The bug is a NULL pointer dereference in ocelot_set_aggr_pgids() for unregistered ports (ocelot_vsc7514.c frontend).
A memory leak in the Linux kernel's skb_segment_list() function used for GRO packet segmentation. The leak stems from outdated truesize accounting after commit ed4cccef64c1 changed fragment orphaning, preventing socket deallocation.
In the Linux kernel, a vulnerability in dm-verity's recursive forward error correction (FEC) was found. Recursive calls can cause denial-of-service due to up to 4 billion iterations and overwrite shared buffers, breaking correction logic.
Podatność CVE-2025-2204 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Tap&Sign firmy Tapandsign Technologies. Umożliwia to ataki typu Cross-Site Scripting (XSS).
A path traversal vulnerability exists in TMS Management Console 6.3.7.27386.20250818 from TMS Global Software. The 'Download Template' function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.
Podatność CVE-2025-4763 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w systemie Hotel Guest Hotspot firmy Aida Computer Information Technology Inc. Umożliwia to ataki typu Reflected XSS.
Stored XSS vulnerability in Argo Workflows allows arbitrary JavaScript execution in another user's browser via artifact directory listing. Affects versions prior to 3.6.17 and 3.7.8.
A vulnerability in Lodash versions 4.0.0 through 4.17.22 allows prototype pollution via the _.unset and _.omit functions. An attacker can pass crafted paths that cause Lodash to delete methods from global prototypes.
A vulnerability in the Linux kernel causes a system panic when copying sk_buff.cb data to userspace via sock_recv_errqueue. The issue stems from the skbuff_fclone_cache lacking a usercopy whitelist, triggering a BUG() when CONFIG_HARDENED_USERCOPY is enabled. The fix uses a local stack variable as a bounce buffer to bypass the hardened usercopy check.
W jądrze systemu Linux zidentyfikowano podatność, która prowadzi do dereferencji wskaźnika NULL podczas dezaktywacji nieaktywnych agregatów w funkcji qfq_reset. Problem występuje, gdy dwa obiekty qfq_class wskazują na ten sam leaf_qdisc, co może prowadzić do błędów w zarządzaniu kolejkami.
The imaplib module in Python allows injection of additional commands via newline characters in a user-supplied command. Mitigation rejects commands containing control characters.
A vulnerability in Chainlit versions prior to 2.9.4 allows an authenticated attacker to read arbitrary files on the server by manipulating the path in a project element update request. The attacker can copy the file to their session and then retrieve it using the element identifier.
The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets.
An uncontrolled recursion vulnerability was found in libxml2's xmlCatalogXMLResolveURI function. It occurs when an XML catalog contains a delegate URI entry that references itself, leading to infinite recursion and call stack exhaustion.
W oprogramowaniu konfiguracyjnym ThinkPlus zgłoszono potencjalną podatność, która może umożliwić lokalnie uwierzytelnionemu użytkownikowi dostęp do wrażliwych informacji o urządzeniu.

