CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-58580
Medium

LobeChat through version 2.2.9 in server-database deployments is vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS, and updateTranslate methods filter target rows by message ID only, omitting the userId scope applied by sibling methods, and findMessagePlugin reads back by ID alone. An authenticated user who knows another user's message identifier can overwrite that victim's plugin tool-call metadata, plugin state/error, text-to-speech, and translation records on the same instance, with tampered content served back to the victim.

CVE-2026-58579
Medium

A vulnerability in RAGFlow before version 0.26.3 allows JavaScript injection due to improper storage of agent pipeline node names. The node name is not sanitized during agent updates and is rendered without HTML encoding in the web interface, leading to script execution in another user's session.

CVE-2026-58578
Medium

LobeChat before version 2.2.10-canary.15 contains a ReDoS vulnerability. An authenticated attacker can block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. This pattern is injected into a dynamically constructed regular expression in the findSkillMd function, causing prolonged denial of service for all users.

CVE-2026-58467
High

Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations.

CVE-2026-58466
Critical

AutoBangumi before version 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints.

CVE-2026-58381
Medium

A double-free vulnerability was found in GIMP's PSP file format parser within the read_layer_block() function. Processing a specially crafted PSP file can cause memory corruption.

CVE-2026-52187
High

A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead/sub_483ba0 component to cause a denial of service (DoS).

CVE-2025-71385
Medium

Reflected XSS vulnerability in Netdata before 2.3.1 in the api/v2/ilove.svg and api/v3/ilove.svg endpoints. The love parameter is reflected into the SVG document without escaping, allowing arbitrary JavaScript injection. The endpoints are accessible without authentication because bearer-token protection is disabled by default.

CVE-2026-7311
High

The TinyPNG plugin for WordPress (versions up to 3.6.13) contains an arbitrary file deletion vulnerability exploitable by authenticated attackers with author-level access or higher. The issue stems from insufficient file path validation in the delete_converted_image_size function.

CVE-2026-58465
High

Eclipse Wakaama before snapshot/2026-05-26 has an unbounded memory allocation vulnerability in the CoAP Block1 handler. An unauthenticated attacker can send a sequence of Block1 PUT requests with incrementing block numbers, causing repeated reallocation of an accumulation buffer without size limit, leading to server memory exhaustion.

CVE-2026-13743
Low

A vulnerability in CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 is due to improper verification of cryptographic signatures. This allows an attacker with physical access to upload arbitrary malicious firmware without authentication.

CVE-2026-8699
High

A stored XSS vulnerability was found in the web management interface of Archer C5 v6.8 routers due to insufficient input validation and output encoding. An admin can inject malicious HTML/JS that executes when another admin views the affected page.

CVE-2026-55952
High

A vulnerability in the Erlang/OTP ssl application allows an unauthenticated remote attacker to disrupt TLS 1.3 session ticket handling by sending a crafted ClientHello with mismatched PSK identity and binder lists. This crashes the session ticket handler process, making TLS 1.3 unusable on the affected listener until the ssl application is restarted.

CVE-2026-55950
Medium

A TOCTOU race condition in the Erlang/OTP ssl library's dtls_packet_demux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener by sending rapid ClientHello messages from the same source IP and port. The crash terminates the shared demux process, killing every DTLS association, not just the attacker's.

CVE-2026-54887
Medium

A vulnerability in the SSL library of the DTLS server in Erlang/OTP uses a default empty cryptographic key for DTLS cookie generation during server startup. This makes cookies predictable, allowing an attacker to bypass source address verification.

CVE-2026-54886
Medium

An infinite loop vulnerability in the ssh_sftpd module of Erlang OTP allows an authenticated SFTP user to permanently block an SFTP channel. Sending extended data (SSH_MSG_CHANNEL_EXTENDED_DATA) with a non-zero type code causes the handle_data/4 function to loop indefinitely, halting further communication on that channel.

CVE-2026-53422
Medium

An Observable Response Discrepancy vulnerability in the Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate files and directories outside the configured root directory. The SSH_FXP_REALPATH handler fails to canonicalize the path, bypassing the is_within_root/2 check and enabling filesystem enumeration.

CVE-2026-50282
Medium

Craft CMS versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without the required delete permission. The vulnerability is in the actionMoveFolder() function of the AssetsController.

CVE-2026-50281
High

Craft CMS versions 5.7.0 through 5.9.20 contain a mass-assignment vulnerability in the bulk-duplicate element action. An attacker who can duplicate their own entries can submit an arbitrary id via the newAttributes parameter, leading to overwriting an existing victim entry.

CVE-2026-44935
Critical

Missing validation of 'valuesFrom' references in Helm Deployer of SUSE Rancher Fleet allows owners of one tenant to access fleet credentials of other tenants. Affected versions: 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11, and 0.12 before 0.12.15.

PreviousPage 36 of 4519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS