CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-57872
HighEPSS 57%

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

CVE-2026-49486
High

The Apache Airflow FTP provider's FTPS connection does not encrypt the data channel. Although the control channel is TLS-protected, data is transmitted in cleartext, allowing a network attacker to intercept file contents and credentials.

CVE-2026-2053
High

A vulnerability in the message flow component of WSO2 API Manager allows an unauthenticated attacker to manipulate WS-Addressing headers. The lack of proper validation of these headers enables redirecting server-initiated requests to arbitrary destinations.

CVE-2026-10835
High

The SALESmanago & Leadoo WordPress plugin before version 3.11.3 does not properly sanitize and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorization on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.

CVE-2026-10823
High

The YMC Filter WordPress plugin before version 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

CVE-2026-8797
High

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

CVE-2026-50741
High

CVE-2026-50741 bypasses the fix for CVE-2026-34916. Attackers can bypass the security patch by sending a disallowed but valid plugin identifier as type or by using the `ox.setChannelTargeting` XML-RPC API method.

CVE-2026-48933
HighEPSS 82%

A flaw in Node.js WebCrypto implementation crashes the process when the input of `subtle.encrypt()` is a multiple of 2 GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

CVE-2026-48619
High

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

CVE-2026-48615
High

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.

CVE-2026-9222
High

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. An attacker who knows the hash can authenticate and gain full access.

CVE-2026-9221
High

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID.

CVE-2026-9220
High

The Setracker2 Android Companion App versions 3.1.5 and prior encrypts communication between the watch and its backend using static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.

CVE-2026-40083
High

Cacti versions 1.2.30 and prior have an SQL injection vulnerability in managers.php due to unsanitized unserialize and implode operations. The lack of integer validation on deserialized array values allows attackers with SNMP agent management permissions to execute arbitrary SQL commands.

CVE-2026-8720
High

The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions in the wolfSSL library have an issue when the key length exceeds the block size, resulting in a MAC that is independent of the input data. When a key is too long, the hashing state is reset, causing the loss of message data.

CVE-2026-7532
High

A vulnerability in the wolfSSL library allows bypassing IP address name constraints when the WOLFSSL_IP_ALT_NAME macro is not defined. In this configuration, a certificate can violate IP address constraints imposed by a certificate authority.

CVE-2026-7511
High

The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.

CVE-2026-6331
High

Vulnerability in EVP_DigestVerifyFinal allows forgery of zero-length HMAC tags. In the OpenSSL-compatible HMAC verification path, only the supplied signature length not exceeding the MAC length was checked, allowing zero-length or truncated tags to be accepted. The fix requires the supplied tag length to exactly equal the MAC length and rejects zero-length tags.

CVE-2026-6325
High

The vulnerability allows an out-of-bounds write in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list, potentially leading to a buffer overflow.

CVE-2026-54479
High

The WebSocket backend uses predictable session identifiers because multiple endpoints can connect using the same session identifier. This allows unauthorized users to impersonate others or cause a denial-of-service condition by overwhelming the backend with valid session requests.

PreviousPage 32 of 3319Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS