CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-40993
High

A vulnerability in Spring Security allows an attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).

CVE-2026-40988
High

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.

CVE-2026-9753
High

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff, potentially leading to memory out-of-bounds or crashing the server.

CVE-2026-9742
High

When OIDC authentication is enabled, clients may set specific values in the 'mechanism' parameter of the 'authenticate' command that lead to server crash. The 'authenticate' command is accessible to unauthenticated clients, resulting in pre-auth denial-of-service in affected product configurations.

CVE-2026-9740
High

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions.

CVE-2026-46374
High

SQLFluff is a modular SQL linter and auto-formatter that prior to version 4.2.0 had a vulnerability allowing untrusted users to submit malicious long SQL queries. This could lead to a Denial of Service attack through resource exhaustion.

CVE-2026-46373
High

SQLFluff is a modular SQL linter and auto-formatter that prior to version 4.1.0 had a vulnerability allowing untrusted users to submit malicious SQL queries. Such queries could lead to Denial of Service through resource exhaustion.

CVE-2026-34713
High

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.

CVE-2026-34712
High

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-34711
High

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.

CVE-2026-48292
High

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-48291
High

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47960
High

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an XXE (Improper Restriction of XML External Entity Reference) vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.

CVE-2026-47959
High

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47955
High

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47952
High

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47937
High

An Uncontrolled Search Path Element vulnerability in Acrobat Reader allows arbitrary code execution in the context of the current user. An attacker with high privileges can exploit this, requiring user interaction (opening a malicious file). The scope is changed.

CVE-2026-47932
HighEPSS 84%

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a 'Path Traversal' vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions.

CVE-2026-47931
High

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability without user interaction, and the scope is changed.

CVE-2026-47930
High

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access.

PreviousPage 153 of 3355Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS