CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Pi is a minimal terminal coding harness. In versions from 0.74.0 to 0.78.1, HTML exports did not consistently reject unsafe Markdown link and image URL schemes, potentially leading to security vulnerabilities.
The CMS parser in gpgsm of GnuPG (up to version 2.5.20) mishandles the CMS format for AES-GCM encryption. The aes-ICVlen field should be 12 bytes, but 4 bytes is also accepted, which may lead to errors in data integrity verification.
In GNU SASL before version 2.2.4, there is a lack of sanitization of a short challenge in the _gsasl_ntlm_client_step function in the NTLM client, which could result in memory disclosure via a crafted server.
A broken access control vulnerability in HCL Connections may allow an unauthorized user to view data in a single specific scenario.
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a use-after-free vulnerability in the meta coder. When memory allocation fails, a single byte is written to a stale pointer, potentially leading to denial of service.
A flaw was found in OpenSSH, which involves a heap out-of-bounds read during the cleanup of GSSAPI indicators. The issue occurs when a trailing NULL termination is missing in the auth-indicators array, potentially leading to a crash or abort of the SSH authentication path.
pypdf is a free and open-source pure-Python PDF library. Prior to version 6.12.2, an attacker could craft a PDF that leads to long runtimes.
Net::IMAP in Ruby prior to versions 0.6.5 and 0.5.15 has a vulnerability that allows an attacker to inject additional commands. By exploiting improperly validated arguments, an attacker can force the first command to wait for another command to finish.
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26.
React Router versions from 7.12.0 to 7.15.1 had insufficient CSRF checks in Framework Mode that operated on POST requests but were bypassed on PUT/PATCH/DELETE requests. This vulnerability is fixed in version 7.15.1.
In Starlette before version 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing the result, a path that does not begin with / (for example @google.com) moves the authority boundary during re-parsing, so request.url.hostname and request.url.netloc become attacker-controlled.
In the Python-Multipart library before version 0.0.31, the parse_form() function did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks.
Python-Multipart before version 0.0.30 incorrectly treated the semicolon (;) as a field separator in application/x-www-form-urlencoded bodies, while the WHATWG standard and modern browsers only recognize the & character. This parsing differential allows an attacker to smuggle extra form fields past an upstream body inspecting component.
In Python-Multipart before version 0.0.30, the parse_options_header function decodes Content-Disposition and Content-Type headers according to RFC 2231/5987, allowing the use of extended parameter syntax (e.g., filename*=charset'lang'value). An attacker can exploit this difference in header interpretation between components (e.g., WAF, proxy) and the backend to smuggle a different field name or filename, bypassing security inspection.
Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core is affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if the attacker controls the input source code, can read the output source code, and knows the path of the source map file that they want to read.
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 expose resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
Mattermost versions 11.7.x <= 11.7.0 and 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests. This allows a lower-privileged administrator to demote arbitrary bot accounts via the standard demote-user API.
Mattermost versions 11.7.x up to 11.7.0 and 10.11.x up to 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint. This allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint.
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.
A security flaw in Browserbase Skills up to version 20260526 affects the Autobrowse Trace Artifact Handler component. An unknown function sets incorrect default permissions, potentially allowing unauthorized access. The attack requires local access and the exploit has been made public.

