CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-47934
Medium

The vulnerability in DNG SDK versions 1.7.1 2536 and earlier is caused by an out-of-bounds read, potentially leading to disclosure of sensitive memory. An attacker could exploit this to access confidential information, but user interaction is required as the victim must open a malicious file.

CVE-2026-47927
Medium

The vulnerability in DNG SDK versions 1.7.1 2536 and earlier is caused by an out-of-bounds read, which could lead to disclosure of sensitive memory. An attacker could exploit this to access confidential information, but user interaction is required as the victim must open a malicious file.

CVE-2026-47748
Medium

The stable-diffusion.cpp library, used for running diffusion models, has a vulnerability to an out-of-bounds read error in versions prior to master-584-0a7ae07. This issue arises from improper length checks during .ckpt file parsing, which can lead to reads past the end of the metadata buffer.

CVE-2026-12003
Medium

CVE-2026-12003 vulnerability concerns how Python handles the VPATH variable during builds from the source tree. On Windows, VPATH may point to a location outside the Python installation directory, potentially allowing low-privilege users to create files that could be used to access an alternative `Lib` folder.

CVE-2024-30476
Medium

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, which could lead to script execution in the client browser.

CVE-2024-22451
Medium

Dell Peripheral Manager versions from 1.5.1 to 1.7.2 contain an uncontrolled search path element vulnerability. An attacker could exploit this vulnerability by preloading a malicious executable, leading to arbitrary code execution.

CVE-2026-9307
Medium

A sensitive information disclosure issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, accessible to any unauthenticated user on the network.

CVE-2026-10831
Medium

A denial-of-service vulnerability exists in NPort devices due to improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands.

CVE-2026-10640
Medium

In Zephyr's IPv6 Neighbor Discovery implementation (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs), a use-after-free vulnerability exists. After a packet is successfully sent via net_send_data, the network stack releases the packet reference, and then the statistics code attempts to read the interface from the already freed memory block. This leads to memory safety violation (CWE-416).

CVE-2026-10639
Medium

A use-after-free vulnerability exists in Zephyr's native IPv4 stack in the icmpv4_handle_echo_request() function. After sending an ICMP Echo Reply, the code accesses a net_pkt structure that has already been freed, potentially reading from invalid memory. The issue is triggered when CONFIG_NET_STATISTICS_ICMP is enabled and can be exploited remotely by sending a ping.

CVE-2026-10638
Medium

A use-after-free vulnerability exists in the Zephyr networking stack in icmpv6.c. After a packet is sent via net_try_send_data(), the functions icmpv6_handle_echo_request() and net_icmpv6_send_error() access the freed packet, potentially causing a system crash or memory corruption.

CVE-2026-10637
Medium

A use-after-free vulnerability was found in the Zephyr network stack's mld_send() function for IPv6 MLD. After sending a packet via net_send_data(), the freed memory is read, potentially causing a crash or memory corruption. The issue is remotely triggerable without authentication by sending an MLDv2 query.

CVE-2024-22447
Medium

Dell Peripheral Manager versions prior to 1.7.3 contain an uncontrolled search path element vulnerability. An attacker could exploit this vulnerability to preload a malicious DLL, leading to arbitrary code execution.

CVE-2026-9507
Medium

A session fixation vulnerability has been identified in osTicket v1.18.2, allowing an attacker to hijack a victim’s account by keeping the initial session identifier (OSTSESSID) active after a successful login.

CVE-2026-53900
Medium

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain.

CVE-2026-53899
Medium

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site.

CVE-2026-12330
Medium

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.

CVE-2026-12329
Medium

A memory safety bug was fixed in Thunderbird ESR 140.12. This vulnerability was also patched in Firefox ESR 140.12 and Thunderbird 140.12.

CVE-2026-12325
Medium

Denial-of-service vulnerability in the Graphics: ImageLib component. This was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12323
Medium

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

PreviousPage 97 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS