CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK version 1.4.0 allows an attacker within Bluetooth range to cause a Denial of Service (DoS) by sending a specific sequence of crafted control packets.
The D-Link DIR-823-Pro version 1.02 has improper permission control, allowing unauthorized users to enable and access Telnet services.
The vulnerability in Net::IP::LPM version 1.10 for Perl improperly handles leading zero characters in IP CIDR address strings, which could allow attackers to bypass IP-based access controls. Leading zeros are interpreted as octal notation, potentially confusing users.
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. It allows injection of malicious JavaScript code into the page.
W jądrze systemu Linux zidentyfikowano podatność, która prowadziła do zakleszczeń i głodzenia kanałów kontrolnych w ścieżce danych wychodzących. Wprowadzono dodatkową kolejkę danych kanału kontrolnego, aby zapobiec czasom oczekiwania i zawieszaniu się łączy podczas przeciążenia ldisc.
A reference count leak was discovered in the Linux kernel's p9_read_work() function in the 9p subsystem. When the rc.sdata field of the request structure is NULL, the p9_req_put call is missing, causing a temporary reference leak.
W jądrze Linuxa zidentyfikowano podatność polegającą na dereferencji wskaźnika NULL w funkcji dev_parse_header_protocol, gdy pole skb->dev jest puste. Problem ten występuje w sterowniku tap, gdzie wywołanie tap_get_user prowadzi do błędu, ponieważ skb->dev jest ustawiane dopiero po wywołaniu funkcji virtio_net_hdr_to_skb.
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
A vulnerability was found in the XFIXES extension where the XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
In GIMP, the "Despeckle" plug-in has an integer overflow vulnerability. Unchecked multiplication of image dimensions (width, height, bytes-per-pixel) can cause insufficient memory allocation and out-of-bounds writes.
Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria version 20240627-0. An attacker can inject malicious script via the "Profisso" field in the "Pessoas" section.
A Cross-Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria version 20240627-0. The 'Descrico' form field in the 'Oportunidades' section during activity creation or editing allows JavaScript injection.
Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria allows an attacker to inject malicious script into the 'Título' (title) field within the filter save option of the 'Busca' (search) function.
A Cross Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria 20240627-0 in the 'Observaces' (observances) form field within the 'Pessoas' (persons) section when creating or editing a legal or natural person. An attacker can inject malicious JavaScript code that executes in the victim's browser.
In vulnerability CVE-2025-25250 in Fortinet FortiOS, an authenticated user can access full SSL-VPN settings via a crafted URL. This affects FortiOS versions 7.6.0, 7.4.0 through 7.4.7, as well as all versions of 7.2, 7.0, and 6.4, and FortiSASE 25.1.c.
FortiOS versions 7.6.1 and below, and 7.4.7 and below, have an Improper Certificate Validation vulnerability. This may allow an EAP verified remote user to connect from FortiClient using a revoked certificate.
FortiOS SSL-VPN has an insufficient session expiration vulnerability that allows an attacker with a cookie used for login to log in again, even if the session has expired or was logged out.
A heap buffer over-read vulnerability has been identified in the libarchive library. The issue occurs when the size of a filter block exceeds the LZSS window, potentially causing the library to read beyond allocated memory, leading to unpredictable behavior, crashes, or disclosure of sensitive information.
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

