CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-57100
Critical

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to escalate privileges over a network.

CVE-2026-54998
High

A vulnerability in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network due to incorrect authorization.

CVE-2026-45499
Critical

A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to elevate privileges over a network. The attacker can send requests to internal resources, potentially leading to unauthorized access.

CVE-2026-41106
Critical

An open redirect vulnerability in M365 Copilot allows an unauthorized attacker to redirect users to a malicious site, potentially leading to privilege escalation over a network.

CVE-2026-26145
Medium

An improper access control vulnerability in Azure Synapse allows an authorized attacker to elevate privileges over a network.

CVE-2026-50722
High

In Libreswan, the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa() incorrectly verifies the DER encoding of the ASN.1 digest when processing IKEv2 AUTH payloads with RSASSA-PKCS1-v1_5. A remote attacker can exploit a Bleichenbacher-style attack to forge the AUTH payload when small public exponents (e.g., e=3) are used, leading to impersonation. Additionally, sending a shorter-than-expected hash can trigger an assertion, causing the daemon to abort and restart, resulting in denial-of-service.

CVE-2026-50721
High

Libreswan has a vulnerability in the RSA_authenticate_hash_signature_raw_rsa() function that incorrectly verifies the authentication hash length in IKEv1 packets using PKCS #1 RSA Encryption (RFC 2313). A remote attacker can use a Bleichenbacher variant to forge the SIG payload with small public exponents (e.g., e=3), leading to impersonation, or send a short hash to trigger an assertion and crash the daemon (DoS).

CVE-2026-12413
High

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart due to an off-by-one error in the PASSERT assertion. Continued exploitation would cause a denial of service (DoS).

CVE-2026-58460
High

The react-native-receive-sharing-intent library contains a path traversal vulnerability that allows a malicious co-resident app to write files outside the intended cache directory by supplying a crafted _display_name value with dot-dot path components. Attackers can send an explicit ACTION_SEND intent to the exported share-receiver activity to overwrite arbitrary files in the consuming app's private data directory, including databases, shared preferences, and cached configuration.

CVE-2026-52830
Critical

A vulnerability in fast-mcp-telegram before version 0.19.1 allows a remote HTTP client to bypass authentication by manipulating the Bearer token with path separators. A token like '../fast-mcp-telegram/telegram' grants access to the default legacy session, bypassing the reserved session name control.

CVE-2026-52192
High

A vulnerability in the UTT nv518G router with firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_445C5C component.

CVE-2026-52191
High

A buffer overflow vulnerability in the UTT nv518G router (firmware version nv518GV3v3.2.7-210919-161313) allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_444C8C component.

CVE-2026-52189
High

A buffer overflow vulnerability in UTT nv518G device (firmware version nv518GV3v3.2.7-210919-161313) allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_487330 component.

CVE-2026-52188
Medium

A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead//sub_497498 component to cause a denial of service (DoS).

CVE-2026-38972
High

Notepad3 up to version 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.

CVE-2026-38971
Critical

An out-of-bounds read issue was found in the GCS_MAVLink library of ArduPilot up to version Plane-4.6.3, specifically in the GCS_MAVLINK::handle_serial_control() function. This vulnerability may lead to unexpected behavior or data leakage.

CVE-2026-38970
High

A denial-of-service vulnerability in pdfcpu up to version 0.11.1 is caused by uncontrolled recursion in the PDF parser. Functions ParseObjectContext() and parseArray() in parse.go recursively process nested PDF objects without enforcing a maximum nesting depth, potentially leading to stack overflow.

CVE-2026-38969
High

A vulnerability in the Ruby WEBrick library (up to version 1.9.2) re-parses the trailer Content-Length header into canonical request state, enabling request smuggling attacks.

CVE-2026-38968
Critical

A vulnerability in ntopng up to version 6.6 allows predictable session identifiers, leading to session hijacking. Session IDs are generated using weak time-seeded pseudo-randomness.

CVE-2026-59102
Medium

Forgejo before version 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled, the run description is assembled server-side with the user's display name interpolated into an HTML string via a translation function that does not escape its arguments, and the frontend renders the result using a Vue v-html binding, causing script execution for any user who views the affected Actions run page.

PreviousPage 37 of 4524Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS