CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Pion DTLS library versions prior to 3.1.4 are vulnerable to remote denial of service via a panic triggered while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue is fixed in version 3.1.4.
Vulnerability in API Platform Core before versions 4.1.30, 4.2.26 and 4.3.12 allows an attacker to substitute resource types in IRI relations. Missing type validation in AbstractItemNormalizer enables assigning an object of an unintended type to a relation property.
In API Platform Core versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. The component cache (attributes, relationships, links) keyed on context cache key can be reused for a subsequent request from a different user with different permissions, exposing properties that should be hidden.
A deserialization vulnerability in the RemoteQueryCachePlugin of AWS Advanced JDBC Wrapper versions 3.3.0 through 4.0.0 allows arbitrary code execution on application servers via untrusted data from Redis or Valkey cache. An attacker with write access to the shared cache can inject a crafted Java object that triggers gadget chains upon deserialization.
A vulnerability in the WikiLambda extension for MediaWiki allows authentication bypass due to improper neutralization of input terminators. The issue affects versions before 1.43.9, 1.44.6, and 1.45.4.
Horde IMP before version 7.0.1 contains a path traversal vulnerability in lib/Compose.php. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos() prefix validation by appending traversal sequences after the matching prefix, causing file_get_contents() to read sensitive files whose contents are then exfiltrated as MIME parts in outgoing email; unauthenticated exploitation is also achievable via CSRF against an active authenticated session.
In versions prior to 7.1.2-26he, the `-concatenate` operation lacked security policy checks, potentially allowing reading and writing to paths disallowed by the policy. This issue has been fixed in version 7.1.2-26.
In ImageMagick prior to version 7.1.2-26, a heap buffer over-write vulnerability exists in the JP2 encoder due to incorrect argument handling. The issue has been fixed in version 7.1.2-26.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, providing invalid arguments to the connected-components option causes an infinite loop. This issue has been fixed in the mentioned versions.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder leads to a stack overflow when processing a crafted image.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out-of-bounds write when processing a crafted image.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, a use-after-free vulnerability occurs when identifying an image with a crafted 8BIM profile containing a specific format string. The issue is fixed in the mentioned versions.
In containerd versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts CDI annotations from untrusted checkpoint image metadata during container restoration. A user with pod creation permissions can bypass standard Kubernetes resource allocation and inject arbitrary devices or host mounts into the restored container.
A vulnerability in containerd allows reading arbitrary files on the host via kubectl logs. The bug occurs in the CRI plugin, which restores container.log from a checkpoint image without validating a symlinked path.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a heap information disclosure vulnerability because part of the pixels are left unchanged.
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out-of-bounds read when a crafted image is processed, potentially causing a crash.
A vulnerability in Pivotal CRM 6.6.4.08 and systems with patch ghi-15381-cwe-502-20251225.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. This issue exists due to an incomplete fix for CVE-2026-39253.
A vulnerability in containerd prior to versions 2.3.2, 2.2.5 and 2.1.9 allows an attacker with pod creation permissions to poison the local image cache via a crafted checkpoint image. Missing validation of image references in the checkpoint import process enables assigning an arbitrary local tag to a malicious image.
In self-hosted Hoppscotch deployments version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The missing whitelist: true in NestJS ValidationPipe allows extra request properties like JWT_SECRET and SESSION_SECRET to be treated as valid InfraConfig entries, enabling an attacker to overwrite them.
Gradio before version 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method. Unauthenticated attackers can bypass the configured root directory by supplying path segments with directory traversal sequences or absolute paths, leading to arbitrary file read or exposure of sensitive files outside the intended directory.

