CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-48928
Medium

An inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

CVE-2026-48618
Medium

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismatch.

CVE-2026-13226
Medium

The Groundhogg plugin for WordPress (versions up to and including 4.5.4) is vulnerable to generic SQL injection via the 'after' parameter. Authenticated attackers with Sales Manager-level access or above can append additional SQL queries to existing ones, enabling extraction of sensitive data from the database. Additionally, the AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, allowing any authenticated user to reach the vulnerable code path.

CVE-2026-9219
Medium

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior generate a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment, allowing an attacker who obtains the registration ID to arbitrarily enroll watches belonging to other users.

CVE-2026-43920
Medium

A vulnerability in FOSSBilling versions 0.5.4 through 0.7.2 allows an unauthenticated remote attacker to trigger the /run-patcher maintenance endpoint, which executes critical operations such as configuration file modifications, database schema changes, filesystem mutations, and cache clearing. The lack of authentication and CSRF validation enables denial-of-service attacks via a simple HTTP GET request.

CVE-2026-13083
Medium

A flaw was found in the Pen Drive report generator where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored XSS payload into cluster objects that executes in the browser of any user who opens the generated HTML report.

CVE-2026-12993
Medium

A flaw was found in Apicurio Registry where DocumentBuilderAccessor blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant) causing CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.

CVE-2026-40941
Medium

In Cacti versions 1.2.30 and prior, a package import signature validation bypass allows self-signed packages. This issue has been fixed in version 1.2.31.

CVE-2026-40084
Medium

Cacti versions 1.2.30 and prior are vulnerable to Path Traversal via the Report format_file parameter, allowing arbitrary file read. The vulnerability involves two stages: stored injection without validation and subsequent file read using an unsanitized path.

CVE-2026-40082
Medium

Cacti versions 1.2.30 and prior do not call session_regenerate_id() after successful login, allowing Session Fixation attacks. An attacker can fixate a session and hijack it after the victim logs in.

CVE-2026-40080
Medium

Cacti versions 1.2.30 and prior are vulnerable to Open Redirect due to using str_contains() for referer checking instead of full host validation. An attacker can craft a malicious Referer header to redirect the user to an attacker-controlled site after login.

CVE-2026-6330
Medium

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path.

CVE-2026-6329
Medium

The vulnerability in PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.

CVE-2026-6092
Medium

Vulnerability in TLS/DTLS implementation where, when HAVE_ENCRYPT_THEN_MAC is configured, the system may incorrectly fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC.

CVE-2026-55962
Medium

Vulnerability in TLS 1.3 post-handshake authentication (PHA) where a server could accept a client's Finished message without requiring a certificate and CertificateVerify. The issue was due to incorrectly applying the empty certificate exemption intended only for the initial handshake, also during an outstanding post-handshake CertificateRequest.

CVE-2026-44622
Medium

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

CVE-2026-13282
Medium

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device.

CVE-2026-10098
Medium

A vulnerability in the wolfSSL_OCSP_resp_find_status function of the wolfSSL library causes serial number comparison in OCSP responses to not require equal length. This allows a SingleResponse for a certificate whose serial is a prefix of the target's serial to be incorrectly matched, returning the wrong certificate's revocation status.

CVE-2020-37256
Medium

Grav before version 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.

CVE-2026-6681
Medium

In the PKCS#7 decode path of the wolfSSL library, the caller-supplied output buffer size (outputSz) is ignored, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL version 5.9.0 and earlier, and was fixed in release 5.9.1.

PreviousPage 46 of 526Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS