CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A directory traversal vulnerability in Spring Cloud Config allows an attacker to read arbitrary files via a specially crafted URL. The issue affects the spring-cloud-config-server module serving text and binary files.
Gotenberg is a stateless API for PDF files that in versions 8.30.1 and earlier improperly validates metadata values. These values can contain newline characters, allowing injection of arbitrary ExifTool pseudo-tags, leading to serious security vulnerabilities.
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
OpenClaw before version 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.
OpenClaw before version 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes the Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context than intended.
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.
A use after free vulnerability in Views in Google Chrome prior to version 148.0.7778.96 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.
A use after free vulnerability in Fullscreen in Google Chrome prior to version 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials.
CVE-2026-0300 describes a buffer overflow vulnerability in the User-ID™ Authentication Portal service of Palo Alto Networks PAN-OS software, allowing an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.
The vulnerability in the Apache::Session::Generate::ModUniqueId library versions 1.54 through 1.94 for Perl causes session IDs to be generated based on the UNIQUE_ID environment variable from the Apache mod_unique_id module. The ID relies on the IPv4 address, process ID, epoch time, a 16-bit counter, and a thread index, with no obfuscation, making it predictable and unsuitable for security purposes.
A vulnerability has been identified in the Linux kernel that has been resolved. The issue concerns passing flow_id to the set_rps_cpu() function, which may lead to out-of-bounds access and system crashes.
A race condition vulnerability was found in the Linux kernel's tcp_v6_syn_recv_sock() function. After calling tcp_v4_syn_recv_sock(), the child socket becomes visible in the TCP ehash table, but the pinet6 pointer still points to the listener's ipv6_pinfo, which can cause incorrect behavior.
W jądrze Linuxa rozwiązano podatność związaną z systemem plików btrfs, która występowała w funkcji btrfs_sync_file(). Użycie overlay na btrfs prowadziło do błędnego przypisania superbloku, co mogło skutkować awarią systemu.
In the Linux kernel, the AVX2 implementation for netfilter pipapo sets has a bug that returns non-matching entries on expiry. The issue occurs when AVX2 match functions prematurely stop processing the last field, leaving stale bits in the map, leading to false element clash reports.
W jądrze systemu Linux zidentyfikowano podatność, która prowadzi do dostępu poza granice tablicy dev->_tx[], gdy trace->type.bit6 jest ustawione, a is_input jest prawdziwe. Problem ten występuje, gdy urządzenie wejściowe ma więcej kolejek RX niż urządzenie wyjściowe TX.
Missing invocation of the session ID change method after session binding in Apache Wicket can be exploited for a session fixation attack.
In CoreDNS prior to version 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks the TSIG key name but never validates the HMAC, allowing authentication with any MAC. For DoH and DoH3, the server never inspects the TSIG record at all, treating any request with a TSIG record as authenticated.
Masa CMS is an open source content management system that, in versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, has a vulnerability in the unauthenticated JSON API. The altTable parameter is stored without validation, allowing an attacker to inject arbitrary SQL subqueries, enabling access to sensitive data in the database.

