CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-58399
High

A vulnerability in the @acastellon/auth authentication system for microservices allows an unauthenticated attacker to bypass token validation via crafted auth-user and Host HTTP headers. The issue affects validateToken() in versions prior to 2.3.0.

CVE-2026-58035
Unknown

Cross-site scripting (XSS) vulnerability in MediaWiki due to improper input neutralization during page generation. The issue is located in resource files related to user blocking.

CVE-2026-58034
Unknown

A Cross-Site Scripting (XSS) vulnerability in the Wikimedia Foundation CheckUser extension due to improper input neutralization during page generation. The issue is located in Vue module files related to temporary accounts.

CVE-2026-58031
Unknown

An XSS vulnerability in MediaWiki exists in the ApiSandboxLayout.Js file, allowing an attacker to inject malicious script into a page. The issue affects versions from 1.46.0-rc.0 before 1.46.0.

CVE-2026-2891
High

A vulnerability in Poly Voice IP devices (CCX, Trio, Edge E) may render them inoperable when connecting to a malicious SIP server and receiving malformed data. HP is releasing updates to mitigate this risk.

CVE-2026-23537
Critical

A vulnerability in the Feast Feature Server's `/save-document` endpoint allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although file location restrictions are attempted, they can be bypassed, enabling overwriting of critical application configurations or startup scripts.

CVE-2026-14330
Medium

Multiple unbounded alloca() calls in the PulseAudio protocol server can lead to stack overflow and potential arbitrary code execution.

CVE-2026-14324
Medium

The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().

CVE-2026-13602
High

A chain of vulnerabilities was found in pretix: payment plugins (Stripe, Mollie, OPPWA, BitPay, Payone, SecuConnect, Sofort, Saferpay) do not validate session parameters beyond cryptographic signature, the redirect feature uses the same key and salt for signing as the plugins, and the admin impersonation feature allows changing user after injecting arbitrary parameters. An attacker with access to at least one event can become any backend user and access all data.

CVE-2026-12374
Medium

A vulnerability in the PrivilegedHelperTool XPC service in Cato Client before version 5.13.1 on macOS is caused by improper certificate validation and a TOCTOU race condition. This allows a local authenticated attacker to escalate privileges to root using a self-signed certificate and a symlink swap during package installation.

CVE-2026-5136
High

The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member.

CVE-2026-57692
Critical

The PrivateContent WordPress plugin contains an incorrect privilege assignment vulnerability that allows privilege escalation. This issue affects versions from n/a through 9.9.2.

CVE-2026-53356
Unknown

A vulnerability was found in the Linux kernel's DRM driver for Intel i915, affecting read/write (pread/pwrite) operations for physical buffers (phys BO). The bug incorrectly scales the offset using the pointer returned by sg_page(), causing access to wrong buffer parts. It primarily impacts Gen3/945G/Lakeport platforms using overlay or cursor planes with physical mapping.

CVE-2026-53355
Unknown

In the Linux kernel, a vulnerability in the RDS (Reliable Datagram Sockets) subsystem for InfiniBand (IB) was found where the i_sends pointer is not cleared during setup unwind. After a failed rds_ib_setup_qp() call, the i_sends memory is freed but the pointer remains stale, potentially leading to a use-after-free condition on subsequent connection teardown attempts.

CVE-2026-53354
Unknown

A vulnerability was found in the Linux kernel for ARM64 CPUs where a TLBI;DSB sequence may complete before global observation of writes translated by an invalidated TLB entry. The issue is mitigated by adding an extra TLBI;DSB sequence.

CVE-2026-53353
Unknown

In the Linux kernel, the WARN_ONCE() in hsr_addr_is_self() has been removed. The warning was triggered when the HSR node had no self_node pointer set, which is a normal condition during HSR interface removal. The issue was reported by syzbot.

CVE-2026-53352
Unknown

A race condition in the Linux kernel's zap_other_threads() function fails to clear JOBCTL_PENDING_MASK for the calling thread during execve(). This causes a stale stop signal after execve completes, triggering a kernel warning and potential instability.

CVE-2026-53351
Unknown

In the Linux kernel, a vulnerability was found in the ptrace mechanism for RISC-V architecture, causing a warning during core dump. The issue involves using an incorrect note type for the CFI register set, potentially disrupting the elf_core_dump function.

CVE-2026-53350
Unknown

In the Linux kernel, a vulnerability was found in the wm_adsp driver where a NULL pointer dereference can occur when removing firmware controls. The issue happens when private control data was not created (e.g., for SYSTEM controls or when a codec driver's callback hides the control), and wm_adsp_control_remove() attempts to clean it up without checking the pointer.

CVE-2026-53349
Unknown

In the Linux kernel netfilter nf_conntrack subsystem, a dangling pointer to an expectation function (expectfn) can point to freed module code after module unload. This causes a kernel Oops when the expected connection arrives, leading to system crash.

PreviousPage 46 of 4498Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS