CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-50511
High

Improper link resolution before file access in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-48293
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34708
High

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34707
High

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34706
High

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34702
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction as the victim must open a malicious file.

CVE-2026-34701
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34700
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34699
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34698
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34697
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34696
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-34695
High

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction as the victim must open a malicious file.

CVE-2026-34693
High

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account.

CVE-2026-9213
High

A vulnerability in the affected NETGEAR gaming routers allows attackers to intercept and tamper with traffic between the router and the Internet, enabling code execution on the device.

CVE-2026-9212
High

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

CVE-2026-9211
High

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

CVE-2026-9076
High

The vulnerability concerns the password-based CMS decryption process, which may lead to a heap out-of-bounds read. An attacker can choose the encryption algorithm, resulting in a potential error in the kek_unwrap_key() function.

CVE-2026-7383
High

A heap buffer overflow may occur due to a signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_copy() and ASN1_mbstring_ncopy(). In the worst case, at 2^30 characters, the buffer size wraps to zero, leading to uncontrolled memory writes.

CVE-2026-49959
HighEPSS 56%

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file.

PreviousPage 165 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS