CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-47911
High

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-11799
High

UXSS vulnerability in Focus for iOS and Klar Webkit navigation. This was fixed in versions 151.3.1 for both applications.

CVE-2025-71319
High

The image-size library through version 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers, causing the application to hang indefinitely.

CVE-2026-6445
High

A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.

CVE-2026-6444
High

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.

CVE-2026-48306
High

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-48305
High

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47908
High

Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-47907
High

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by tricking a victim into opening a malicious file. The scope of the vulnerability has changed.

CVE-2026-47906
High

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34710
High

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34709
High

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-11824
High

SQLite before version 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata.

CVE-2026-11822
High

SQLite versions before 3.53.2 contain memory corruption vulnerabilities in the FTS5 full-text search extension that can lead to process crashes, memory exhaustion, or arbitrary code execution. Attackers can exploit malformed FTS5 page data in a crafted database.

CVE-2026-8863
High

Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to Secure Boot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads.

CVE-2026-39169
High

SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.

CVE-2026-36823
High

A buffer overflow vulnerability was discovered in the webAuthUserInfo parameter of the formAddWebAuthUser function in Tenda W20E version 15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36822
High

A buffer overflow vulnerability was discovered in the macAddr parameter of the formDelStaState function in Tenda W20E version 15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36821
High

A buffer overflow vulnerability was discovered in the picCropName parameter of the formCropAndSetWewifiPic function in Tenda W20E v15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36820
High

A buffer overflow vulnerability was discovered in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function in Tenda W20E v15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

PreviousPage 162 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS