CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
AutoBangumi before version 3.2.8 contains a server-side request forgery (SSRF) vulnerability. Unauthenticated remote attackers can probe internal network services by supplying arbitrary host values to an unprotected setup endpoint.
LobeChat through version 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations without user-scoped predicates to read agent listings, modify agent roles and ordering, and remove agents from chat groups belonging to other users.
Apereo CAS 7.3.0 before version 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.
LobeChat up to version 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality. Authenticated attackers can access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method.
Taiga before version 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary project identifier to these endpoints, which bypass permission checks and apply the AllowAny default, to pre-empt project administrators from initializing due dates by creating records before they can do so themselves.
A vulnerability in Dapr Sentry allows an attacker to poison the OIDC discovery document via an unvalidated X-Forwarded-Host header. When no allowed-hosts list is configured (default), a remote unauthenticated attacker can cause relying parties to fetch JWKS from an attacker-controlled server, enabling acceptance of attacker-signed JWT tokens.
LobeChat before version 2.2.10-canary.18 contains a server-side request forgery (SSRF) vulnerability. An authenticated attacker can direct internal HTTP requests to arbitrary URLs by exploiting the skill import (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper.
Pathway through 0.31.1 (fixed in commit d09722e) allows a remote unauthenticated attacker to cause a denial of service by sending a short glob pattern with many ** tokens to the /v1/retrieve, /v1/inputs, or /v2/answer HTTP endpoints. The recursive matcher without memoization leads to exponential time complexity, consuming CPU for tens of seconds per request.
In Weaviate before version 1.38.0, there is no verification that a principal assigning an RBAC role holds the permissions granted by that role. The assignRoleToUser and assignRoleToGroup handlers only authorize the ability to assign a role, not the permissions within it, allowing a user with the delegated assign_and_revoke_users or assign_and_revoke_groups permission to assign the built-in admin role or any high-privilege custom role to themselves or others.
JuiceFS through version 1.3.1 contains an authentication bypass vulnerability. Unauthenticated remote attackers can access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux.
LobeChat through version 2.2.9 in server-database deployments is vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS, and updateTranslate methods filter target rows by message ID only, omitting the userId scope applied by sibling methods, and findMessagePlugin reads back by ID alone. An authenticated user who knows another user's message identifier can overwrite that victim's plugin tool-call metadata, plugin state/error, text-to-speech, and translation records on the same instance, with tampered content served back to the victim.
A vulnerability in RAGFlow before version 0.26.3 allows JavaScript injection due to improper storage of agent pipeline node names. The node name is not sanitized during agent updates and is rendered without HTML encoding in the web interface, leading to script execution in another user's session.
LobeChat before version 2.2.10-canary.15 contains a ReDoS vulnerability. An authenticated attacker can block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. This pattern is injected into a dynamically constructed regular expression in the findSkillMd function, causing prolonged denial of service for all users.
Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations.
AutoBangumi before version 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints.
A double-free vulnerability was found in GIMP's PSP file format parser within the read_layer_block() function. Processing a specially crafted PSP file can cause memory corruption.
A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead/sub_483ba0 component to cause a denial of service (DoS).
Reflected XSS vulnerability in Netdata before 2.3.1 in the api/v2/ilove.svg and api/v3/ilove.svg endpoints. The love parameter is reflected into the SVG document without escaping, allowing arbitrary JavaScript injection. The endpoints are accessible without authentication because bearer-token protection is disabled by default.
The TinyPNG plugin for WordPress (versions up to 3.6.13) contains an arbitrary file deletion vulnerability exploitable by authenticated attackers with author-level access or higher. The issue stems from insufficient file path validation in the delete_converted_image_size function.
Eclipse Wakaama before snapshot/2026-05-26 has an unbounded memory allocation vulnerability in the CoAP Block1 handler. An unauthenticated attacker can send a sequence of Block1 PUT requests with incrementing block numbers, causing repeated reallocation of an accumulation buffer without size limit, leading to server memory exhaustion.

