CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

CVE-2026-0410

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

EUVD-2026-35763

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...

CVE-2026-0410 Insufficient input validation in certain NETGEAR routers

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

CVE-2026-0410

CVE-2026-0410 affects certain NETGEAR routers. The issue is insufficient input validation that allows authenticated administrators on the local network to gain elevated access and make unauthorized changes to router software and functionality. The provided documents describe the affected conditio...

CVE-2026-0410 Insufficient input validation in certain NETGEAR routers

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from the possibility that authenticated administrators who are connected to the local network may gain elevated...

PT-2026-47815

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and...

BIT-KIBANA-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

CVE-2026-9095 CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

CVE-2026-34686 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...

CVE-2026-34686

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...

Dell iDRAC10 < 1.30.10.50 Insufficiently Protected Credentials (DSA-2026-187)

The version of Dell iDRAC10 installed on the remote host is affected by an insufficiently protected credentials vulnerability as referenced in the DSA-2026-187 advisory. - Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

EUVD-2026-26193

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVE-2026-35155

Dell iDRAC10 (versions 1.20.70.50 and 1.30.05.10) is affected by an Insufficiently Protected Credentials vulnerability due to a race condition that could let an authenticated, low-privileged attacker elevate privileges. The issue concerns credential protection handling within the affected compone...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

PT-2026-35868

Name of the Vulnerable Software and Affected Versions Dell iDRAC10 version 1.20.70.50 Dell iDRAC10 version 1.30.05.10 Description An insufficiently protected credentials issue exists due to a race condition, which is a situation where the system's substantive behavior is dependent on the sequence...