CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-42867
Medium

Langflow before version 1.9.0 contains a Path Traversal vulnerability in the Knowledge Bases API (POST /api/v1/knowledge_bases). An authenticated attacker can exploit the lack of input sanitization to create directories and write files anywhere on the server's filesystem.

CVE-2026-34917
Medium

Low-privileged session IDs generated for the web admin console could be reused in the XML-RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorized access and exploit API-level vulnerabilities.

CVE-2026-34915
Medium

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.

CVE-2026-34913
Medium

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to link their trackers to campaigns owned by other managers on the same instance.

CVE-2026-34912
Medium

A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier allows a low-privileged user to link their zones to banners or campaigns owned by other managers on the same instance.

CVE-2025-13162
Medium

Uncontrolled Search Path Element vulnerability in ABB Control Builder A and ABB 800xA for Advant Master. This affects Control Builder A through 1.4/4 and 800xA for Advant Master through versions 6.0.3-1, 6.1.1-1, 6.1.1-3, 6.2.0-1.

CVE-2026-56696
Medium

The /issue and /pr_comments slash commands in OpenHarness lack remote_invocable=False protection, allowing remote senders to inject attacker-controlled Markdown into project context files.

CVE-2026-56695
Medium

In the OpenHarness ohmo gateway, the /resume and /summary commands have the default remote_invocable set to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private data such as prompts, credentials, and file paths.

CVE-2026-56694
Medium

NanoClaw before version 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups.

CVE-2026-56693
Medium

NanoClaw before version 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.

CVE-2026-56692
Medium

NanoClaw before version 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName, which allows malicious agents to disclose arbitrary host files.

CVE-2026-56402
Medium

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

CVE-2026-55767
Medium

Vulnerability in Guzzle (PHP HTTP client) before version 7.12.1 allows incorrect acceptance of cookies with a dot-only Domain attribute or whitespace-padded variants. SetCookie::matchesDomain() removes leading dots, normalizing to an empty string, causing the cookie to match any request host. An attacker can set a cookie in a shared cookie jar that Guzzle later sends to unrelated hosts.

CVE-2026-55766
Medium

The guzzlehttp/psr7 library before version 2.12.1 did not reject CR/LF characters in certain HTTP start-line fields (request method, protocol version, response reason phrase). An attacker can inject controlled data into these fields, and after serializing the PSR-7 message to raw HTTP/1.x (e.g., via Message::toString()), it may lead to HTTP header injection.

CVE-2026-55568
Medium

Vulnerability in Guzzle (PHP HTTP client) before 7.12.1 causes traffic expected to be TLS-protected to the proxy to be transmitted in cleartext under certain configurations. This occurs when using built-in cURL handlers (CurlHandler or CurlMultiHandler) with libcurl older than 7.50.2 and an https:// proxy URL — libcurl silently treats it as http://, never establishing an encrypted connection.

CVE-2026-54303
Medium

In n8n before version 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL.

CVE-2026-52673
Medium

SQL Injection vulnerability in Cboard v.0.4.2 and earlier allows a remote attacker to execute arbitrary code via the getDimensionsValues component.

CVE-2025-55639
Medium

A NULL pointer dereference vulnerability was discovered in GPAC MP4Box v2.4 in the gf_isom_add_track_kind() function at isomedia/isom_write.c. Attackers can exploit this by crafting a malicious MP4 file to cause a Denial of Service (DoS).

CVE-2026-12969
Medium

A read out-of-bounds vulnerability exists in dnsmasq's find_soa() function. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields.

CVE-2026-11772
Medium

DRIMO CMS is vulnerable to reflected XSS via the q parameter in the searching functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.

PreviousPage 68 of 530Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS