CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2025-52293
High

A segmentation violation in the gf_hevc_read_sps_bs_internal function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying crafted HEVC SPS data.

CVE-2025-52292
High

A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

CVE-2023-43688
High

An issue was discovered in Malwarebytes versions 4.x and 5.x, as well as Nebula from October 21, 2020, related to a heap buffer overflow. This affects various buffer encryption utilities.

CVE-2023-29146
High

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit).

CVE-2026-50636
High

The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote, authenticated attacker can inject a crafted array element, leading to SQL injection vulnerability.

CVE-2026-50635
High

LimeSurvey constructs password-reset links based on the client-supplied HTTP Host header without validating it. The default configuration does not define an allowed hosts allowlist, allowing an attacker to take over an account by sending a spoofed password reset request.

CVE-2026-50512
High

Missing authentication for a critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50511
High

Improper link resolution before file access in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-48293
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34708
High

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34707
High

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34706
High

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34702
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction as the victim must open a malicious file.

CVE-2026-34701
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34700
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34699
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34698
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34697
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34696
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34695
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction as the victim must open a malicious file.

PreviousPage 152 of 3349Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS