CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability has been detected in Radware Cyber Controller up to version 10.11.0, affecting an unknown part of the HTML Report Generation component. Manipulation of this component leads to HTML injection, which can be exploited remotely.
A vulnerability in ImageMagick before version 7.1.2-15 (and 6.x before 6.9.13-40) causes a heap out-of-bounds read in the DecodeImage loop of the PCD coder. A specially crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, leading to denial of service and potential disclosure of an adjacent heap byte.
An integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) in ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 causes a heap out-of-bounds read on 32-bit builds, potentially leading to information disclosure or a crash.
GNU Savannah Administration Savane through version 3.17 uses untrusted data as part of authorization, which may lead to unauthorized access.
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters.
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver. This allows underscore characters in app_id to act as SQL wildcards, potentially leading to unintended pattern matches.
Capgo before version 12.128.2 contains an authentication logic flaw that allows a user with permission to manage team or organization security settings to enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account.
In versions 4.36.0 through 4.39.19, Authelia may skip an access control rule in specific cases where the domain is not canonicalized. An attacker could exploit this vulnerability to gain access to resources that should be protected.
Versions of Authelia from 4.38.0 to 4.39.19 have an issue with case sensitivity in usernames during Basic Auth authentication. As a result, different case variations can lead to the creation of separate ban buckets for the same user.
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. In versions prior to 2.6.0, the public array `AbstractGenerator::$temporaryFiles` allows for the deletion of temporary files without verification, which can lead to unauthorized file deletions.
A vulnerability exists in NI grpc-device due to incorrect numeric type conversion in CodeGen, caused by missing range checks. This may silently discard high bits if a size value exceeds the target type's range.
HTML injection vulnerability in pgAdmin 4's cloud module allows injecting HTML code via crafted credentials. The flaw exists in /rds/, /azure/, /google/, and /cloud/ endpoints where SDK error messages are returned in JSON without HTML encoding, then rendered by the Cloud Wizard frontend. An authenticated user can inject a malicious iframe that redirects the victim to an external site.
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers.
A flaw in Node.js Permission Model enforcement allows a bypass via path misvalidation in `process.report.writeReport()`. This can lead to a confidentiality impact or a bypass of the intended security boundary under affected configurations.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the 'dbrecover.php' and 'netremap.php' modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link.
The UsersWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.2.63. Authenticated attackers with editor-level access can reset or permanently delete the avatar or banner image of any arbitrary user.
In versions 4.0.0 to 4.1.0 of the Steeltoe.Configuration.Encryption library, configuring `encrypt:rsa:algorithm=OAEP` does not enable OAEP encryption due to an incorrect BouncyCastle transformation string. The `OAEP` setting selects the PKCS#1 v1.5 algorithm, which is equivalent to the `DEFAULT` setting.
The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location.
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.
In versions prior to 5.0.0, users can reset their MFA tokens via API routes that send them emails. The number of emails sent is not limited, allowing attackers to flood users' mailboxes.