CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
libexpat before version 2.8.2 has an integer overflow in the copyString function.
In libexpat before version 2.8.2, there is an integer overflow in the doProlog function related to storeEntityValue and entity textLen.
In libexpat before version 2.8.2, there is an integer overflow in XML_ParseBuffer due to a lack of a check that was present in XML_Parse.
libexpat before version 2.8.2 has an integer overflow in the getAttributeId function.
libexpat before 2.8.2 has an integer overflow in addBinding.
libexpat before 2.8.2 has an integer overflow in storeAtts.
Craft CMS version 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access.
Craft CMS versions 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization. An authenticated administrator can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions.
Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. This vulnerability allows low-privileged authenticated users to bypass view authorization for assets.
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset.
Craft CMS contains a stored XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account to inject arbitrary JavaScript.
Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other users view or edit permissions.
Cap-go before version 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint. This allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies.
Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors.
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access.
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions.
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination.
A vulnerability has been detected in BerriAI litellm up to version 1.82.2, affecting the ui_view_users function in the litellm/proxy/management_endpoints/internal_user_endpoints.py file. This issue is a result of an incomplete fix for CVE-2025-0628, leading to improper authorization.
A weakness has been identified in BerriAI litellm up to version 1.82.2, concerning the function load_openapi_spec_async. Manipulation of the argument spec_path leads to server-side request forgery.
A security flaw has been discovered in BerriAI litellm up to version 1.82.5 in the async_pre_call_hook function of the enterprise/enterprise_hooks/banned_keywords.py file. Manipulation of the prompt argument results in incorrect authorization, which can be exploited in remote attacks.

