CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-55199
Medium

A vulnerability in libssh2 (up to version 1.1.1.1) allows a pre-authentication denial of service attack. A malicious SSH server can send a crafted extension count value (nr_extensions=0xFFFFFFFF) during key exchange, causing a client CPU exhaustion loop for over 60 seconds due to unchecked return values from _libssh2_get_string() and session timeout not applying to CPU-bound loops.

CVE-2026-48823
Medium

Shaarli, a personal bookmarking service, contains a stored XSS vulnerability in the tag filtering functionality in versions 0.16.1 and prior. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark, leading to the storage of a malicious payload in the database.

CVE-2026-48822
Medium

Shaarli is a personal bookmarking service that versions 0.16.1 and prior contain a Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link.

CVE-2026-48817
Medium

A vulnerability in Starlette versions 1.0.1 and below allows an attacker to invoke internal methods not intended for HTTP request handling by using non-standard HTTP verbs. The issue stems from the lack of restriction on allowed HTTP methods when registering an endpoint via Route(...) without explicitly setting the methods= parameter.

CVE-2026-32682
Medium

A vulnerability in NGINX Gateway Fabric allows an authenticated remote attacker with permission to create or modify GRPCRoute resources to cause the control plane to terminate by sending specially crafted GRPCRoute configurations containing backendRef filters.

CVE-2026-10741
Medium

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

CVE-2026-55198
Medium

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data.

CVE-2026-55197
Medium

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles.

CVE-2026-53870
Medium

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions, exposing conversation history and HMAC secrets to local users.

CVE-2026-9679
Medium

Undici's cookie parser (parseSetCookie) decodes cookie values, which can lead to HTTP response header injection. Applications that forward parsed cookie values into response headers become vulnerable to attacks such as session fixation or malicious redirects.

CVE-2026-9678
Medium

A vulnerability in Undici allows incorrect classification of responses as cacheable when Cache-Control headers contain whitespace. This can lead to authenticated user data being served to another user from the cache.

CVE-2026-48591
Medium

A vulnerability in the pragdave earmark library allows stored cross-site scripting via improper neutralization of HTML attribute values. Attribute values are not properly encoded, enabling XSS attacks.

CVE-2026-20265
Medium

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the 'admin' or 'power' roles could cause the toolkit to make outbound HTTP requests to a server controlled by an attacker, potentially leading to data exfiltration.

CVE-2026-20178
Medium

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability, and no customer action is needed.

CVE-2026-35069
Medium

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to script injection.

CVE-2026-20246
Medium

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.

CVE-2026-20220
Medium

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine.

CVE-2026-1288
Medium

A maliciously crafted RFA file, when converted to FormIt in Autodesk Revit, can trigger a NULL pointer dereference. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

CVE-2026-12515
Medium

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible.

CVE-2025-32748
Medium

Dell PowerFlex Manager versions prior to 5.1.0.1 contain a Host Header Injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to trigger redirections.

PreviousPage 90 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS