CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A vulnerability in the @acastellon/auth authentication system for microservices allows an unauthenticated attacker to bypass token validation via crafted auth-user and Host HTTP headers. The issue affects validateToken() in versions prior to 2.3.0.
Cross-site scripting (XSS) vulnerability in MediaWiki due to improper input neutralization during page generation. The issue is located in resource files related to user blocking.
A Cross-Site Scripting (XSS) vulnerability in the Wikimedia Foundation CheckUser extension due to improper input neutralization during page generation. The issue is located in Vue module files related to temporary accounts.
An XSS vulnerability in MediaWiki exists in the ApiSandboxLayout.Js file, allowing an attacker to inject malicious script into a page. The issue affects versions from 1.46.0-rc.0 before 1.46.0.
A vulnerability in Poly Voice IP devices (CCX, Trio, Edge E) may render them inoperable when connecting to a malicious SIP server and receiving malformed data. HP is releasing updates to mitigate this risk.
A vulnerability in the Feast Feature Server's `/save-document` endpoint allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although file location restrictions are attempted, they can be bypassed, enabling overwriting of critical application configurations or startup scripts.
Multiple unbounded alloca() calls in the PulseAudio protocol server can lead to stack overflow and potential arbitrary code execution.
The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().
A chain of vulnerabilities was found in pretix: payment plugins (Stripe, Mollie, OPPWA, BitPay, Payone, SecuConnect, Sofort, Saferpay) do not validate session parameters beyond cryptographic signature, the redirect feature uses the same key and salt for signing as the plugins, and the admin impersonation feature allows changing user after injecting arbitrary parameters. An attacker with access to at least one event can become any backend user and access all data.
A vulnerability in the PrivilegedHelperTool XPC service in Cato Client before version 5.13.1 on macOS is caused by improper certificate validation and a TOCTOU race condition. This allows a local authenticated attacker to escalate privileges to root using a self-signed certificate and a symlink swap during package installation.
The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member.
The PrivateContent WordPress plugin contains an incorrect privilege assignment vulnerability that allows privilege escalation. This issue affects versions from n/a through 9.9.2.
A vulnerability was found in the Linux kernel's DRM driver for Intel i915, affecting read/write (pread/pwrite) operations for physical buffers (phys BO). The bug incorrectly scales the offset using the pointer returned by sg_page(), causing access to wrong buffer parts. It primarily impacts Gen3/945G/Lakeport platforms using overlay or cursor planes with physical mapping.
In the Linux kernel, a vulnerability in the RDS (Reliable Datagram Sockets) subsystem for InfiniBand (IB) was found where the i_sends pointer is not cleared during setup unwind. After a failed rds_ib_setup_qp() call, the i_sends memory is freed but the pointer remains stale, potentially leading to a use-after-free condition on subsequent connection teardown attempts.
A vulnerability was found in the Linux kernel for ARM64 CPUs where a TLBI;DSB sequence may complete before global observation of writes translated by an invalidated TLB entry. The issue is mitigated by adding an extra TLBI;DSB sequence.
In the Linux kernel, the WARN_ONCE() in hsr_addr_is_self() has been removed. The warning was triggered when the HSR node had no self_node pointer set, which is a normal condition during HSR interface removal. The issue was reported by syzbot.
A race condition in the Linux kernel's zap_other_threads() function fails to clear JOBCTL_PENDING_MASK for the calling thread during execve(). This causes a stale stop signal after execve completes, triggering a kernel warning and potential instability.
In the Linux kernel, a vulnerability was found in the ptrace mechanism for RISC-V architecture, causing a warning during core dump. The issue involves using an incorrect note type for the CFI register set, potentially disrupting the elf_core_dump function.
In the Linux kernel, a vulnerability was found in the wm_adsp driver where a NULL pointer dereference can occur when removing firmware controls. The issue happens when private control data was not created (e.g., for SYSTEM controls or when a codec driver's callback hides the control), and wm_adsp_control_remove() attempts to clean it up without checking the pointer.
In the Linux kernel netfilter nf_conntrack subsystem, a dangling pointer to an expectation function (expectfn) can point to freed module code after module unload. This causes a kernel Oops when the expected connection arrives, leading to system crash.

