CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
In NOVUS AirGate 4G firmware version 1.1.16, the /uci/get/ endpoint suffers from incorrect access control. This allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
A pre-authentication code injection vulnerability in ChromaDB Python project version 1.0.0 and later allows an unauthenticated attacker to execute arbitrary code on the server by sending a malicious model repository with trust_remote_code set to true to the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API. Attackers can exploit insufficient URL path sanitization to access internal endpoints.
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. This vulnerability allows attackers to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers.
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled. Python objects loaded via dill.loads() will be deserialized without validation.
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access by including ../ sequences in the upload filename when sent to specific endpoints.
By default, the ROUTER socket in the SGLangs multimodal generation runtime scheduler binds to 0.0.0.0 and contains a sink that calls pickle.loads() on incoming messages, enabling remote code execution (RCE) when exposed to the internet.
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process.
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which leads to the loss of password length in Perl.
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING (or BIT STRING) attribute, a heap out-of-bounds write could be triggered, leading to remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
The WordPress Plugin Peugeot Music version 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter.
GitBucket version 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands. This is exploited through weak secret token generation and insecure file upload functionality.
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function.
The vulnerability in jsonpickle 2.0.0 allows remote code execution by deserializing malicious JSON payloads containing py/repr objects. An attacker can craft a specially prepared JSON that, during deserialization, invokes the eval function to execute arbitrary Python commands.
libbabl version 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection.
The iDS6 DSSPro Digital Signage System version 6.2 contains a CAPTCHA security bypass vulnerability. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
In versions prior to 0.9.0 of the Open WebUI platform, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password as a string with no minimum length requirement, allowing an empty string to pass validation.
phpMyFAQ before version 4.1.2 contains an unauthenticated SQL injection vulnerability in the BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods. Attackers can exploit the public GET /api/captcha endpoint by injecting malicious User-Agent headers, leading to the leakage of sensitive data.
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.

