CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58012
Medium

A flaw was found in GLib where a buffer over-read occurs in the g_regex_replace function when using the G_REGEX_RAW compile flag and case-change replacement escapes. The string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This can lead to minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

CVE-2026-58011
Medium

A flaw was found in GLib where an out-of-bounds read of 2 bytes occurs in the g_date_time_get_ymd function in glib/gdatetime.c when processing an invalid GDateTime object created by g_date_time_add_full. This can corrupt date output and cause logic errors.

CVE-2026-58010
Medium

An off-by-one error was found in GLib in the gvs_tuple_is_normal function within glib/gvariant-serialiser.c. The bounds check uses > instead of >=, causing an out-of-bounds read of one byte during alignment padding checks. This flaw can lead to minor information disclosure of one byte and denial of service if the read crosses a page boundary.

CVE-2026-4629
Medium

A flaw was found in Keycloak where a user with `manage-clients` permission can inject a hardcoded role mapper into any client. This bypasses scope restrictions and adds the `realm-admin` role to tokens, leading to privilege escalation and full administrative access to the realm.

CVE-2026-14209
Medium

A vulnerability in Keycloak's Admin UI allows administrators with limited permissions to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an admin who can only search for users can use the 'brute-force-user' endpoint to access full user profiles, including sensitive information and security metadata. The issue is due to missing permission checks for the 'view' right on this specific search path.

CVE-2026-12388
Medium

A flaw in the Identity Provider (IdP) mapper component of Keycloak allows an administrator with limited permissions to assign high-level administrative roles (e.g., realm-admin) to themselves or others by creating a 'Hardcoded Role' mapper. This bypasses security checks and grants full control over the entire realm.

CVE-2026-57082
Medium

The vulnerability in the Net::BitTorrent library for Perl (versions up to 2.0.1) generates the 160-bit Diffie-Hellman private key for the MSE handshake using a non-cryptographic PRNG (rand()). Since random padding is sent in cleartext from the same generator, a passive observer can recover the PRNG state, then the private key and RC4 keys, allowing decryption of the connection.

CVE-2026-57079
Medium

A vulnerability in the Net::BitTorrent library for Perl (up to version 2.0.1) allows writing files outside the download directory via path traversal in peer-supplied metadata. An attacker can exploit the ut_metadata extension (BEP09) to supply file names containing ".." sequences that are not properly validated.

CVE-2026-53692
Medium

Redeight CMS version 1.0 stores user passwords using the MD5 algorithm without a salt. MD5 is a cryptographically broken algorithm and the lack of salting allows attackers to easily reverse the hashes using rainbow tables.

CVE-2026-52760
Medium

A Cross-site Scripting (XSS) vulnerability was found in Apache ActiveMQ and its Web Console. The browse page renders a message ID without sanitization, allowing an authenticated producer to send a crafted JMS message ID containing HTML/JavaScript. When an administrator browses the queue, the payload executes in their browser.

CVE-2026-13316
Medium

A flaw has been found in Foreman where HTTP parameters can be modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS, GCP, or Azure environments.

CVE-2026-6954
Medium

Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. An attacker can execute JavaScript code or inject a dynamic iframe into the victim's browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'.

CVE-2026-6953
Medium

An HTML injection vulnerability has been discovered in Intermark IT's WebControl CMS v3.5. An attacker can send an email containing malicious HTML code to a victim via the contact form. Exploitation requires sending a request with the 'nombreApellidos', 'dirección', and 'comentarios' parameters to '/processContact.do'.

CVE-2026-12610
Medium

A use-after-free vulnerability was found in the SSSD (System Security Services Daemon) PAM component responsible for YubiKey authentication. The flaw is caused by improper memory pointer handling, which can lead to a crash. A local attacker could exploit this by manipulating smartcard or YubiKey contents.

CVE-2025-24816
Medium

Nokia MantaRay is affected by an Improper Access Control vulnerability due to insufficient authorization in the API. An authenticated attacker can retrieve confidential information beyond their assigned privileges.

CVE-2026-45822
Medium

The decode-uri-component library through version 0.4.1 is vulnerable to denial of service (DoS). The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.

CVE-2026-9576
Medium

The Fluent Booking WordPress plugin before version 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint. Users with at least the Calendar Manager role can retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.

CVE-2026-56809
Medium

Multiple laser printers and MFPs implementing Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An attacker can exploit this flaw to execute arbitrary scripts in the browser of a user accessing Web Image Monitor.

CVE-2026-11581
Medium

The Kali Forms WordPress plugin before 2.4.13 does not sanitize a form field's caption before outputting it as a column header on the admin form-entries screen. Users with Contributor-level access or above can inject JavaScript that executes in an administrator's session. A missing capability check in the post-duplication action allows the Contributor to publish the malicious form so an administrator renders it.

CVE-2026-8944
Medium

The Plugin for Google Analytics by IO technologies for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page (ga.php), allowing unauthenticated attackers to update the plugin's stored Google Analytics tracking ID option (io-ga-id) via a forged request, provided they can trick a site administrator into clicking a link.

PreviousPage 35 of 533Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS