CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-54326
Low

Pi is a minimal terminal coding harness. In versions from 0.74.0 to 0.78.1, HTML exports did not consistently reject unsafe Markdown link and image URL schemes, potentially leading to security vulnerabilities.

CVE-2026-57062
Low

A vulnerability in the CMS parser in gpgsm of GnuPG (up to version 2.5.20) mishandles the CMS format for AES-GCM encryption. The aes-ICVlen field should be 12 bytes, but 4 bytes is also accepted, which may lead to errors in data integrity verification.

CVE-2026-56968
Low

In GNU SASL before version 2.2.4, there is a lack of sanitization of a short challenge in the _gsasl_ntlm_client_step function in the NTLM client, which could result in memory disclosure via a crafted server.

CVE-2025-15619
Low

A broken access control vulnerability in HCL Connections may allow an unauthorized user to view data in a single specific scenario.

CVE-2026-56376
Low

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a use-after-free vulnerability in the meta coder. When memory allocation fails, a single byte is written to a stale pointer, potentially leading to denial of service.

CVE-2026-55654
Low

A flaw was found in OpenSSH, which involves a heap out-of-bounds read during the cleanup of GSSAPI indicators. The issue occurs when a trailing NULL termination is missing in the auth-indicators array, potentially leading to a crash or abort of the SSH authentication path.

CVE-2026-49460
Low

pypdf is a free and open-source pure-python PDF library. Prior to version 6.12.2, an attacker could craft a PDF that leads to long runtimes when parsed.

CVE-2026-47241
Low

Net::IMAP in Ruby prior to versions 0.6.5 and 0.5.15 has a vulnerability that allows an attacker to inject additional commands. By exploiting improperly validated arguments, an attacker can force the first command to wait for another command to finish.

CVE-2026-48931
Low

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.

CVE-2026-53663
Low

React Router versions from 7.12.0 to 7.15.1 had insufficient CSRF checks in Framework Mode that operated on POST requests but were bypassed on PUT/PATCH/DELETE requests. This vulnerability is fixed in version 7.15.1.

CVE-2026-54282
Low

In Starlette before version 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing the result, a path that does not begin with / (for example @google.com) moves the authority boundary during re-parsing, so request.url.hostname and request.url.netloc become attacker-controlled.

CVE-2026-53540
Low

In the Python-Multipart library before version 0.0.31, the parse_form() function did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks.

CVE-2026-53538
Low

Python-Multipart before version 0.0.30 incorrectly treated the semicolon (;) as a field separator in application/x-www-form-urlencoded bodies, while the WHATWG standard and modern browsers only recognize the & character. This parsing differential allows an attacker to smuggle extra form fields past an upstream body inspecting component.

CVE-2026-53537
Low

The vulnerability in Python-Multipart before version 0.0.30 is that the parse_options_header function decodes Content-Disposition and Content-Type headers according to RFC 2231/5987, allowing the use of extended parameter syntax (e.g., filename*=charset'lang'value). An attacker can exploit this difference in header interpretation between components (e.g., WAF, proxy) and the backend to smuggle a different field name or filename, bypassing security inspection.

CVE-2026-49356
Low

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core is affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if the attacker controls the input source code, can read the output source code, and knows the path of the source map file that they want to read.

CVE-2026-9610
Low

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 expose resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

CVE-2026-8823
Low

A vulnerability in Mattermost versions 11.7.x <= 11.7.0 and 10.11.x <= 10.11.17 is due to missing validation of bot targets when demoting users to guests. This allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.

CVE-2026-8074
Low

Mattermost versions 11.7.x up to 11.7.0 and 10.11.x up to 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint. This allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint.

CVE-2026-12888
Low

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.

CVE-2026-12823
Low

A security flaw in Browserbase Skills up to version 20260526 affects the Autobrowse Trace Artifact Handler component. An unknown function sets incorrect default permissions, potentially allowing unauthorized access. The attack requires local access and the exploit has been made public.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS