CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-49959
HighEPSS 56%

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file.

CVE-2026-49957
High

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks. Attackers can configure a remote terminal working directory to a system directory, enabling access to local system files.

CVE-2026-49847
High

In FreeSWITCH versions prior to 1.11.1, there is a vulnerability that allows remote denial of service by sending a single unauthenticated WebSocket frame containing a deeply nested JSON document. This causes a stack overflow, terminating all calls and sessions on the host.

CVE-2026-49842
High

In versions prior to 1.11.1, the mod_verto module in FreeSWITCH did not properly check authentication for the speed test protocol, allowing unauthorized users to request large amounts of data.

CVE-2026-49475
High

In versions prior to 1.11.0, FreeSWITCH has a vulnerability related to the processing of STUN packets that can lead to unauthorized memory access. The issue arises when the declared attribute length in the packet is shorter than the structure, causing reads and writes beyond the attribute's boundaries.

CVE-2026-49161
High

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-49160
HighEPSS 80%

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

CVE-2026-48583
High

A use after free vulnerability in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-48578
High

An improper access control vulnerability in Windows Secure Boot allows an authorized attacker to elevate privileges locally.

CVE-2026-48576
HighEPSS 60%

A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. No CWE identifier is assigned for this issue.

CVE-2026-48575
High

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48574
High

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-48573
HighEPSS 60%

A vulnerability in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. No CWE identifier has been assigned for this issue.

CVE-2026-48570
High

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48569
High

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-48568
High

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48565
High

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

CVE-2026-48563
High

A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-47656
High

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-47654
High

A Use-After-Free vulnerability in the Remote Desktop Client allows an unauthorized attacker to execute code remotely over a network.

PreviousPage 151 of 3343Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS