CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to perform server-side request forgery (SSRF). Successful exploitation of this flaw could lead to information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
Session fixation vulnerability in Wikimedia Foundation OAuth. Allows an attacker to fixate a session identifier on the victim, potentially leading to session hijacking.
An improper input validation vulnerability has been discovered in the Wikimedia Foundation UrlShortener library. The issue is located in the includes/UrlShortenerUtils.php file.
A vulnerability in the command interface of NVIDIA ConnectX and BlueField allows a local user with virtual function (VF) access to cause an out-of-bounds write via crafted input. Successful exploitation may lead to arbitrary code execution on the device.
A vulnerability in the command interface of NVIDIA ConnectX and BlueField allows a local user with virtual function (VF) access to cause a write out of bounds via crafted input. Successful exploitation may lead to arbitrary code execution on the device.
A vulnerability in HTML::Gumbo for Perl before version 0.19 discloses heap memory via type confusion. The walk_tree function does not support the <template> element, treating it as a text node, causing strlen() to over-read the heap block.
A vulnerability in FatFs R0.16 and earlier affects long filename (LFN) handling. The function copies filenames (up to 255 characters) into short fixed buffers without bounds checking, causing buffer overflow.
FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums.
FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This can lead to data disclosure.
A vulnerability in FatFs R0.16 and earlier allows bypassing dirty-cache consistency checks via unsigned-subtraction wrap in f_read() and f_write() during interleaved read/write operations on fragmented filesystems.
A vulnerability in FatFs prior to R0.16, using GPT scanning with 'FF_LBA64 = 1', causes an infinite loop during filesystem mounting. The issue stems from an unbounded loop count derived from the GPTH_PtNum field in the GPT header, leading to extremely long or infinite mount times.
FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic. Crafted metadata can cause n_fatent - 2 to be zero during write/sync operations, leading to a system crash.
In FatFS R0.16 and earlier, there is an integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers.
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc. The flaw is caused by improper input neutralization during web page generation, allowing injection of malicious scripts.
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc., due to improper input neutralization during web page generation. The issue affects versions from 4.8.2.23 up to 4.8.3.0.

