CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-37709
Critical

The CVE-2026-37709 vulnerability involves insecure permissions in grokability snipe-it version 8.4.0 and earlier, fixed after commit 676a9958 on March 10, 2026. This allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component.

CVE-2026-7415
Critical

The MQTT broker in Yarbo firmware version 2.3.9 is configured to allow anonymous connections with no topic-level access control. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages without any authentication.

CVE-2026-7414
Critical

Yarbo firmware v2.3.9 contains hardcoded administrative credentials. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users.

CVE-2025-63704
Critical

The NPM package query-parser-string version 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

CVE-2025-63703
Critical

The npm package parse-ini version 1.0.6 is vulnerable to Prototype Pollution in the index.js() function.

CVE-2026-36458
Critical

ChestnutCMS version 1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.

CVE-2025-63706
Critical

The NPM package next-npm-version version 1.0.1 is vulnerable to Command injection, which may allow an attacker to execute unauthorized commands on the system.

CVE-2026-6795
Critical

CVE-2026-6795 describes a URL redirection to an untrusted site ('open redirect') vulnerability in DivvyDrive. It allows for parameter injection, potentially leading to unauthorized access.

CVE-2026-41589
Critical

Wish to serwer SSH, który w wersjach od 2.0.0 do przed 2.0.1 jest podatny na ataki typu path traversal w middleware SCP. Złośliwy klient SCP może odczytywać dowolne pliki z serwera, zapisywać pliki oraz tworzyć katalogi poza skonfigurowanym katalogiem głównym, wysyłając odpowiednio skonstruowane nazwy plików zawierające sekwencje ../ przez protokół SCP.

CVE-2026-30496
Critical

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration and writing/modifying settings including volume, mute, brightness, and other projector functions.

CVE-2026-8094
Critical

An unspecified vulnerability was found in the WebRTC component of Firefox and Thunderbird. The flaw was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

CVE-2026-8091
Critical

A vulnerability in the Audio/Video playback component of Firefox and Thunderbird results from incorrect boundary conditions. The flaw was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

CVE-2026-6508
Critical

The CVE-2026-6508 vulnerability in Liderahenk software has an origin validation error that allows access to functionality not properly constrained by access control lists (ACLs). This issue affects Liderahenk from version 2.0.1 before 2.0.2.

CVE-2026-33587
Critical

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

CVE-2026-41586
Critical

Hyperledger Fabric versions from 1.0.0 to 2.2.26 contain a vulnerability in the Channel.java class, which implements the readObject() method and exposes deSerializeChannel(). This method calls ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter, leading to a classic Java deserialization RCE pattern.

CVE-2026-42217
Critical

OpenEXR versions from 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11 have an issue with the readVariableLengthInteger() function that decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, leading to undefined behavior.

CVE-2026-42216
Critical

In OpenEXR versions 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11, a vulnerability exists in the IDManifest::init() function. When reconstructing strings from a prefix-compressed representation, the code reads bytes without verifying that the current string has at least two bytes, potentially causing an out-of-bounds read.

CVE-2026-41203
Critical

CI4MS is a CodeIgniter 4-based CMS skeleton that prior to version 0.31.5.0 had a vulnerability in the Theme::upload function. It allows an authenticated backend user with theme creation permissions to upload ZIP files without validating entry names, leading to remote code execution.

CVE-2026-41202
Critical

In versions prior to 0.31.5.0, the Backup::restore function in CI4MS does not validate file names in uploaded ZIP archives, allowing an authenticated user to write files to arbitrary filesystem locations, potentially leading to remote code execution.

CVE-2026-41201
Critical

In version 0.31.4.0, CI4MS, based on CodeIgniter 4, has a vulnerability that allows full account takeover and privilege escalation via Stored DOM XSS in the backup module filename field. An attacker can manipulate this field using a SQL file to inject a hidden XSS payload.

PreviousPage 83 of 544Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS