CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
UXSS vulnerability in Focus for iOS and Klar Webkit navigation. This was fixed in versions 151.3.1 for both applications.
The image-size library through version 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers, causing the application to hang indefinitely.
A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.
A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by tricking a victim into opening a malicious file. The scope of the vulnerability has changed.
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SQLite before version 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata.
SQLite versions before 3.53.2 contain memory corruption vulnerabilities in the FTS5 full-text search extension that can lead to process crashes, memory exhaustion, or arbitrary code execution. Attackers can exploit malformed FTS5 page data in a crafted database.
Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to Secure Boot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads.
SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.
A buffer overflow vulnerability was discovered in the webAuthUserInfo parameter of the formAddWebAuthUser function in Tenda W20E version 15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A buffer overflow vulnerability was discovered in the macAddr parameter of the formDelStaState function in Tenda W20E version 15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A buffer overflow vulnerability was discovered in the picCropName parameter of the formCropAndSetWewifiPic function in Tenda W20E v15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A buffer overflow vulnerability was discovered in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function in Tenda W20E v15.11.0.6. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

