CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-5067
Critical

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server by sending a crafted Sec-WebSocket-Key header. A flaw in the HTTP/1 header parser leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution.

CVE-2026-44748
Critical

SAP NetWeaver Application Server ABAP and ABAP Platform allow an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may lead to acceptance of tampered identity information, resulting in unauthorized access to sensitive user data.

CVE-2026-40128
Critical

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal.

CVE-2026-27671
Critical

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption.

CVE-2026-11697
Critical

Insufficient validation of untrusted input in UI in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11671
Critical

Use after free in Navigation in Google Chrome prior to version 149.0.7827.103 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11659
Critical

Integer overflow in UI in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11654
Critical

Use after free in CameraCapture in Google Chrome on Mac prior to version 149.0.7827.103 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11651
Critical

A use after free vulnerability in the Network component of Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11638
Critical

Use after free in Printing in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11634
Critical

A use after free vulnerability in the Gamepad component of Google Chrome on Windows prior to version 149.0.7827.103 could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-52778
Critical

YesWiki is a wiki system written in PHP that prior to version 4.6.6 contained an unsafe execution vulnerability in the Bazar form field calculator (CalcField.php). The flawed implementation of sanitizing user-defined mathematical formulas leads to ReDoS vulnerabilities and allows arbitrary PHP code execution.

CVE-2026-11393
Critical

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account.

CVE-2026-46289
Critical

A vulnerability in the Linux kernel related to incorrect length calculations in the extract_kvec_to_sg function has been fixed. These issues could lead to crossing page boundaries and overlapping pointers in the scatterlist.

CVE-2026-41448
Critical

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie. This exploits unsanitized string concatenation in the token file path construction within the authglinet middleware.

CVE-2026-39910
Critical

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control.

CVE-2026-25555
Critical

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware. Attackers can gain admin access by supplying an empty X-Api-Key header value.

CVE-2026-46442
CriticalEPSS 61%

Flowise prior to version 3.1.2 lacked route-level authorization for POST /api/v1/node-custom-function, allowing any authenticated user or API key to submit arbitrary JavaScript. When E2B_APIKEY is not configured, this code is executed inside a NodeVM sandbox, which can be escaped.

CVE-2026-46441
Critical

In versions prior to 3.1.2, FlowiseAI has a mass assignment vulnerability in the assistant update endpoint. This allows authenticated users to modify server-controlled properties, potentially breaking tenant isolation in multi-workspace environments.

CVE-2026-46440
Critical

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison.

PreviousPage 47 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS