CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The vulnerability affects sites with invalid TLS certificates, where the activation-delay in Firefox was missing. A malicious page could exploit this flaw to trick users into clicking in precise locations, potentially bypassing the certificate error.
A vulnerability was found in the PuneethReddyHC online-shopping-system-advanced version 1.0, allowing cross-site scripting (XSS) attacks through manipulation of the 'First name' argument in the addsuppliers.php file. The attack can be initiated remotely.
A vulnerability was found in SourceCodester Resort Reservation System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the Cottage Number argument on the Manage Room Page.
There is a heap-based buffer overflow vulnerability in the GitHub repository gpac/gpac prior to version 2.2.2.
Cilium, a networking, observability, and security solution, prior to version 1.13.4 had a vulnerability that allowed unintended access to secrets and services across namespaces when Gateway API was enabled. The lack of namespace checks when creating ReferenceGrant allowed attackers to use secrets that should not be visible to them.
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a, contained an out of bounds access bug that could have allowed an attacker to launch a DoS when parsing untrusted input data. It is important to note that this debug function was only used in tests and demos.
A vulnerability was found in OTCMS up to version 6.62 that allows path traversal through manipulation of the url argument in the file /admin/read.php?mudi=announContent.
A vulnerability has been identified in OTCMS versions up to 6.62 that allows path traversal attacks through argument manipulation in the usersNews_deal.php file. Exploiting this vulnerability may lead to unauthorized access to system files.
A vulnerability was found in OTCMS up to version 6.62 that allows path traversal via manipulation of the img argument in the admin/readDeal.php?mudi=readQrCode file.
A vulnerability has been found in UJCMS up to version 6.0.2 in the ZIP Package Handler component, which may lead to information disclosure. Manipulation of the argument dir allows for a remote attack, although the complexity is rather high.
A vulnerability was found in SourceCodester Online School Fees System 1.0 that allows cross site scripting attacks through manipulation of the 'branch' parameter in the /paysystem/branch.php file. The attack can be initiated remotely.
A vulnerability has been identified in JT2Go and Teamcenter Visualization applications that are in versions earlier than specified. The issue involves an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file, which could lead to the disclosure of sensitive information.
A vulnerability has been identified in JT2Go and Teamcenter Visualization applications, which contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0, rated as problematic. Manipulation of the arguments firstname/middlename/lastname/username in the file /classes/Users.php?f=save leads to cross-site scripting attacks.
A vulnerability was found in SourceCodester Performance Indicator System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the prodname argument in the /admin/addproduct.php file.
A vulnerability was found in SourceCodester Life Insurance Management System 1.0 that allows cross site scripting attacks through manipulation of the nominee_id parameter in the insertNominee.php file. The attack can be launched remotely.
A vulnerability was found in y_project RuoYi up to version 4.7.7, classified as problematic. It affects the function filterKeyword, where manipulation of the argument value leads to resource consumption.
IBM TXSeries for Multiplatforms versions 8.1, 8.2, 9.1, and CICS TX Standard and Advanced versions 10.1 and 11.1 do not set the secure attribute on authorization tokens and session cookies. This may allow attackers to capture cookie values by sending an HTTP link to a user.
IBM TXSeries for Multiplatforms versions 8.1, 8.2, 9.1, and CICS TX Standard and Advanced versions 10.1 and 11.1 may transmit sensitive information in query parameters that could be intercepted using man-in-the-middle techniques.
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'title' argument in the admin/posts/manage_post.php file. The attack can be launched remotely.

