CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-42567
High

Svelte framework versions from 5.51.5 to before 5.55.7 contain an internal regex that can take exponential time to test in the <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.

CVE-2026-41108
High

A heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

CVE-2026-41098
High

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

CVE-2026-41092
High

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

CVE-2026-40409
High

A vulnerability in the UDFS file system driver in Windows allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.

CVE-2026-40404
High

A vulnerability in the UDFS file system driver in Windows allows for elevation of privilege. An attacker can exploit this flaw to gain higher privileges in the system.

CVE-2026-40376
High

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40371
High

Improper handling of insufficient permissions in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

CVE-2026-34335
High

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34183
High

A remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. This can lead to unbounded memory allocation and abnormal termination of the application.

CVE-2026-34181
High

The PKCS#12 file processing fails to perform sufficient input validation for files using the PBMAC1 integrity mechanism, allowing for certificate and private key forgery.

CVE-2026-34180
High

The vulnerability concerns parsing a crafted DER-encoded ASN.1 structure with content exceeding 2 gigabytes. This may lead to a heap buffer over-read on Unix and Unix-like platforms, potentially causing application crashes or loading memory contents beyond the end of the input buffer into the ASN.1 object.

CVE-2026-33828
High

A trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

CVE-2026-32193
High

Microsoft Azure Kubernetes Service has an improper limitation of a pathname to a restricted directory, leading to a 'path traversal' vulnerability. This allows an authorized attacker to execute code locally.

CVE-2026-24181
High

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVE-2026-24180
High

NVIDIA DALI contains a vulnerability in a component that could lead to a heap-based buffer overflow. A successful exploit of this vulnerability might result in code execution, data tampering, denial of service, and information disclosure.

CVE-2026-22926
High

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.

CVE-2026-0419
High

Insufficient input validation in the NETGEAR JR6150 allows users connected to local WiFi networks to execute operating system commands. The device has reached End-of-Support phase in 2018, and no further security updates are planned.

CVE-2026-0411
High

An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.

CVE-2026-49948
High

Mem0 versions up to 0.2.8 contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but does not validate the caller's role. Any authenticated user with a distributed API key can redirect traffic to an attacker-controlled server.

PreviousPage 172 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS