CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-42216
Critical

In OpenEXR versions 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11, a vulnerability exists in the IDManifest::init() function. When reconstructing strings from a prefix-compressed representation, the code reads bytes without verifying that the current string has at least two bytes, potentially causing an out-of-bounds read.

CVE-2026-41203
Critical

CI4MS is a CodeIgniter 4-based CMS skeleton that prior to version 0.31.5.0 had a vulnerability in the Theme::upload function. It allows an authenticated backend user with theme creation permissions to upload ZIP files without validating entry names, leading to remote code execution.

CVE-2026-41202
Critical

In versions prior to 0.31.5.0, the Backup::restore function in CI4MS does not validate file names in uploaded ZIP archives, allowing an authenticated user to write files to arbitrary filesystem locations, potentially leading to remote code execution.

CVE-2026-41201
Critical

In version 0.31.4.0, CI4MS, based on CodeIgniter 4, has a vulnerability that allows full account takeover and privilege escalation via Stored DOM XSS in the backup module filename field. An attacker can manipulate this field using a SQL file to inject a hidden XSS payload.

CVE-2026-40982
Critical

A directory traversal vulnerability in Spring Cloud Config allows an attacker to read arbitrary files via a specially crafted URL. The issue affects the spring-cloud-config-server module serving text and binary files.

CVE-2026-40281
Critical

Gotenberg is a stateless API for PDF files that in versions 8.30.1 and earlier improperly validates metadata values. These values can contain newline characters, allowing injection of arbitrary ExifTool pseudo-tags, leading to serious security vulnerabilities.

CVE-2026-44112
Critical

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.

CVE-2026-44109
Critical

OpenClaw before version 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.

CVE-2026-43581
Critical

OpenClaw before version 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes the Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.

CVE-2026-43578
Critical

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context than intended.

CVE-2026-43575
Critical

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.

CVE-2026-7910
Critical

A use after free vulnerability in Views in Google Chrome prior to version 148.0.7778.96 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-7908
Critical

A use after free vulnerability in Fullscreen in Google Chrome prior to version 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-41930
Critical

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials.

CVE-2026-0300
Critical

CVE-2026-0300 describes a buffer overflow vulnerability in the User-ID™ Authentication Portal service of Palo Alto Networks PAN-OS software, allowing an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.

CVE-2026-5081
Critical

The vulnerability in the Apache::Session::Generate::ModUniqueId library versions 1.54 through 1.94 for Perl causes session IDs to be generated based on the UNIQUE_ID environment variable from the Apache mod_unique_id module. The ID relies on the IPv4 address, process ID, epoch time, a 16-bit counter, and a thread index, with no obfuscation, making it predictable and unsuitable for security purposes.

CVE-2026-43208
Critical

A vulnerability has been identified in the Linux kernel that has been resolved. The issue concerns passing flow_id to the set_rps_cpu() function, which may lead to out-of-bounds access and system crashes.

CVE-2026-43198
Critical

A race condition vulnerability was found in the Linux kernel's tcp_v6_syn_recv_sock() function. After calling tcp_v4_syn_recv_sock(), the child socket becomes visible in the TCP ehash table, but the pinet6 pointer still points to the listener's ipv6_pinfo, which can cause incorrect behavior.

CVE-2026-43125
Critical

In the Linux kernel, the DLM (Distributed Lock Manager) module lacks validation of the 'len' parameter in the dlm_search_rsb_tree function. This parameter originates from network messages and can exceed the DLM_RESNAME_MAXLEN limit, causing an out-of-bounds write.

CVE-2026-43117
Critical

W jądrze Linuxa rozwiązano podatność związaną z systemem plików btrfs, która występowała w funkcji btrfs_sync_file(). Użycie overlay na btrfs prowadziło do błędnego przypisania superbloku, co mogło skutkować awarią systemu.

PreviousPage 88 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS