CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-44663
Medium

In OpenEXR versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. The multiplication of channel width (int32_t) by bytes_per_element in 32-bit signed arithmetic can overflow, causing an out-of-bounds write. The same pattern appears in two other HTJ2K paths.

CVE-2025-15661
Medium

The vulnerability in libssh2 up to version 1.11.1 (fixed in commit 2dae302) allows an out-of-bounds heap read in the sftp_symlink() function in src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response.

CVE-2026-56099
Medium

A vulnerability in OpenBSD before commit 6a23123 (2026-06-18) in the mpls_do_error function within sys/netmpls/mpls_input.c allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

CVE-2026-48983
Medium

In versions prior to 0.9.2, pam_usb has a symlink race condition in per-device and per-user pad directory creation. A local attacker can exploit this vulnerability by replacing the target path with a symlink to a directory they control.

CVE-2026-48982
Medium

In versions prior to 0.9.2, pam_usb creates a temporary file without the O_EXCL flag when updating a one-time pad file. This can lead to a situation where two concurrent processes updating the same pad may both succeed, resulting in overwriting the pad value.

CVE-2026-48981
Medium

In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE). This can lead to outbound network connections or local file reads at XML parse time from the context of the authenticating process.

CVE-2026-48980
Medium

In versions prior to 0.9.2, the pam_usb module, responsible for hardware authentication on Linux, is vulnerable to environment variable injection. The XRDP_SESSION, DISPLAY, and TMUX variables can be manipulated by a local user, affecting the local and remote session checking logic.

CVE-2026-47847
Medium

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The default environment variables MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD are set to 'monitor' and 'monitor', creating a risk of unauthorized access.

CVE-2026-43915
Medium

In Coturn prior to version 4.11.0, a stored XSS vulnerability was found in the HTTPS web-admin interface. An attacker can create a TURN allocation with a crafted USERNAME value, causing HTML/JavaScript execution when an authenticated admin views the TURN session list.

CVE-2026-9692
Medium

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator uses low-entropy sources, making them predictable.

CVE-2026-55392
Medium

NILFS utilities up to version 2.3.0 have a validation issue with the s_log_block_size field in the NILFS2 superblock in the nilfs_sb_is_valid() function. Attackers can supply crafted NILFS2 images, leading to undefined behavior and crashes of tools like nilfs-tune and dumpseg.

CVE-2026-48937
Medium

A flaw in Node.js HTTP/2 server API allows servers to keep accepting data even after sending a `GOAWAY` frame. This affects **Node.js 22** and **Node.js 24**.

CVE-2026-47833
Medium

CVE-2026-47833 is a privilege escalation vulnerability from container to host via manipulation of the bpm.log file. A compromised process inside a bpm container can force the system to change the owner of any host file, leading to the exposure of passwords from the /etc/shadow file.

CVE-2026-48986
Medium

In pam_usb versions 0.9.1 and earlier, a bug can lead to an infinite loop DoS due to improper initialization of the *ppid variable. In the pusb_local_login() function, the same variable is reused as input and output in a loop, which can cause the authenticating process to hang.

CVE-2026-48985
Medium

In versions 0.9.1 and below, the pam_usb module can cause a NULL dereference crash when parsing loginctl output. The pusb_is_loginctl_local() function calls popen() and reads the result, which can lead to undefined behavior and crashing the PAM module.

CVE-2026-48984
Medium

In versions 0.9.1 and below, the xfree() function in pam_usb releases memory without first zeroing the buffer contents, leading to the exposure of sensitive data in freed memory. This could allow recovery of pad values or other authentication material from freed memory regions.

CVE-2026-56024
Medium

The WP EasyPay WordPress plugin contains a CSRF vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in administrator. The flaw affects all versions up to and including 4.5.0.

CVE-2026-56022
Medium

Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in version 2.641.

CVE-2026-56021
Medium

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

CVE-2026-55205
Medium

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads.

PreviousPage 86 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS