CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in Mythic before version 3.4.0.60 is caused by a broken Hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.
A missing authorization vulnerability in the CRM module of ruoyi-vue-pro (up to version 2026.05, fixed in commit c779a47) exists in the GET /admin-api/crm/follow-up-record/get endpoint. Authenticated users can read any follow-up record by iterating sequential numeric IDs.
Pinpoint through version 3.1.0 contains an insecure session management vulnerability where the pinpointJwt session cookie lacks HttpOnly and Secure attributes. This allows attackers to access the cookie via JavaScript (document.cookie) and transmit it in cleartext over HTTP.
A broken access control vulnerability in PhotoPrism before version 260601-a7d098548 allows authenticated non-admin users to modify other users' profile information. The missing session-to-user identifier validation in the PUT users API endpoint enables attackers to overwrite another user's profile details without authorization.
A vulnerability in LibrePhotos before version 1.0.0 in the SetPhotosShared endpoint allows authenticated users to bypass ownership validation and grant themselves access to other users' private photos. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos.
LibreTranslate through version 1.9.7 has an IP spoofing vulnerability in the get_remote_address() function. An unauthenticated attacker can inject arbitrary values into the X-Forwarded-For header, bypassing per-IP rate limiting and flood bans.
Parseable before version 2.9.2 exposes webhook tokens and basic-auth credentials in cleartext via notification-target API endpoints due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets.
A vulnerability in Teable before the June 15, 2026 build allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and read field values intended to be restricted from public view.
In Snowflake CLI versions prior to 3.19, improper neutralization of parameters allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing unintended SQL execution in the context of the user's Snowflake session.
A vulnerability in Snowflake CLI prior to version 3.19 allows server-side request forgery (SSRF) due to improper handling of untrusted remote references in !source/!load directives. An attacker can supply crafted SQL content that, when processed through a vulnerable command path, causes unauthorized outbound requests to internal or non-public network locations and remote SQL execution in the victim's session.
A weakness in the Contact Tracking component of DeepMyst Mysti 0.4.0 involves improper authorization in the _isTrackedConversation function of src/managers/ChannelBridge.ts. The attack can be initiated remotely but requires high complexity and is considered difficult to exploit. A public exploit is available, increasing the attack risk.
A security flaw in PcapPlusPlus 25.05 affects the pcpp::ModbusLayer::getLength function in ModbusLayer.h. Manipulating the length argument causes a heap-based buffer overflow, which can be exploited remotely.
A heap-based buffer overflow vulnerability exists in PcapPlusPlus 25.05 in the pcpp::TelnetLayer::getSubCommand function of TelnetLayer.cpp. The attack can be initiated remotely but is difficult to exploit. A public exploit is available.
A heap-based buffer overflow vulnerability was found in PcapPlusPlus 25.05 in the function pcpp::SSLClientHelloMessage::getHandshakeVersion of SSLHandshake.cpp. An attacker can remotely manipulate the handshakeVersion argument, causing a buffer overflow. The attack complexity is high and exploitation is considered difficult, but the exploit has been publicly disclosed.
A stack-based buffer overflow vulnerability in the web management interface of TP-Link TL-WR841N v14 allows an authenticated remote attacker to crash the device by sending a crafted HTTP request. Successful exploitation leads to a denial-of-service condition, causing the device to crash and automatically reboot.
In Snowflake CLI versions prior to 3.19, sensitive credentials (passwords, tokens, private keys) were written in plaintext to local debug log files. An attacker with read access to these logs could steal authentication data.
A vulnerability in Snowflake CLI prior to version 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary.
A vulnerability in Honeywell IQ MultiAccess (versions up to and including 28) stems from improper digital signature verification. It allows an attacker to replace a downloaded file with a malicious one.
A vulnerability was found in Edimax EW-7478APC 1.04, involving OS command injection in the formStaDrvSetup function via the rootAPmac argument. The attack is remotely exploitable and the exploit is publicly available.
In Devolutions PowerShell Universal 2026.2.0, a vulnerability was found involving the insertion of sensitive information into sent data in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable authentication tokens with potentially higher privileges, which are serialized in plaintext in job API responses.

