CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In versions prior to 5.0.0 of vantage6, malicious algorithms can potentially access other algorithms' input and output files. The issue is fixed in version 5.0.0.
In versions prior to 5.0.0 of the vantage6 software, the default user `root` with the password `root` poses a significant security risk. Attackers can easily gain access to the system as many vantage6 servers have this user with admin rights.
In Steeltoe.Configuration.Abstractions versions 4.0.0 through 4.1.0, TLS credentials are written to temporary files that are world-readable on Linux. These files are never deleted, creating a risk of sensitive information exposure.
In Steeltoe projects prior to versions 3.4.0 (CloudFoundryBase), 4.2.0 (JwtBearer), and 4.2.0 (OpenIdConnect), there is an issue with the JWT signing key cache. The `kid` is used as the sole cache key, which can lead to unauthorized token validation in applications with multiple `JwtBearer` schemes pointing to different identity providers.
Steeltoe prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0 have all actuator endpoints defaulting to `EndpointPermissions.Restricted`, which may lead to unauthorized access to sensitive data. Sensitive endpoints such as heap dump, environment, and thread dump are not properly secured.
In versions 10.25.7 and below, the LiquidJS template engine incorrectly propagates the ownPropertyOnly value from the parent context, leading to a silent bypass. As a result, developers may inadvertently expose prototype-chain properties in unsafe renders.
In versions 10.25.7 and below of the LiquidJS template engine, the renderLimit option can be fully bypassed by using an empty {% for %} or {% tablerow %} tag. This allows for unlimited rendering time consumption, potentially leading to DoS attacks.
LiquidJS, a template engine compatible with Shopify/GitHub Pages, has a vulnerability to XSS in versions 10.25.7 and below due to a flaw in the strip_html filter logic. This flaw allows bypassing HTML sanitization, enabling attackers to inject malicious code.
The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. A malicious workspace with a name containing path traversal characters may allow an attacker to write arbitrary files to the user's system.
The unarchive internal module does not perform validation on file paths during archive extraction, relying on external tools, which may lead to unauthorized system access. Specifically, on systems with GNU tar < 1.34, a malicious archive can write files outside the intended extraction directory.
In versions prior to 5.0.0 of the vantage6 software, an attacker who gains access to a user's email account can reset the password and the 2FA token via email, reducing security to a single authentication factor (email access). Version 5.0.0 fixes this issue.
W SignalRGB w wersjach starszych niż 1.3.7.0 obiekt urządzenia \.\SignalIo został utworzony bez jawnego deskryptora zabezpieczeń SDDL oraz bez flagi FILE_DEVICE_SECURE_OPEN. Powoduje to nadmiernie liberalną domyślną kontrolę dostępu, umożliwiając każdemu uwierzytelnionemu użytkownikowi lokalnemu uzyskanie uchwytu do urządzenia i wysyłanie uprzywilejowanych żądań IOCTL.
Marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript.
XianYuLauncher is a Minecraft Java Edition launcher, in versions prior to 1.5.5, there was a risk of exposing sensitive authentication artifacts during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or state validation.
The joserfc library in versions 1.3.4 through 1.6.5 accepts oversized JWS payloads without proper length checks, potentially leading to resource exhaustion. This issue has been fixed in version 1.6.7.
In CakePHP, versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, the View::_getElementFileName() function does not check if the resolved element path is within the allowed application/plugin view template paths. This weakness can be exploited to include other PHP files on the server using specifically crafted user-supplied data.
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument.
markdown-it is a Markdown parser that contains a denial-of-service vulnerability in versions 14.1.1 and below when typographer: true is enabled. The issue arises from quadratic processing in the smartquotes rule, leading to excessive CPU consumption when parsing quote-heavy markdown.
Shaarli is a personal bookmarking service that versions 0.16.1 and prior contain a Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. The issue arises from malicious bookmark titles being returned via an AJAX response and inserted into the DOM without proper sanitization.
Evil-WinRM up to version 3.9 contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory. Attackers can exploit this vulnerability to overwrite sensitive client-side files, leading to persistent access or privilege escalation.

