
160871 matches found

OSV
added 4 days ago, 3 views

GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument

Summary: Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details: Whe...

CVSS 5.8 | AI score 5.6 | EPSS 0.0002
Exploits: 0 | References: 3
NVD
added 4 days ago, 7 views

CVE-2026-47909

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVSS 6.3 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 4 days ago, 4 views

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

CVSS 8.7 | AI score 5.5 | EPSS 0.00098
Exploits: 0 | References: 2
Vulnrichment
added 4 days ago, 3 views

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVSS 6.3 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 1
Cvelist
added 4 days ago, 32 views

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVSS 6.3 | EPSS 0.00042
Exploits: 0 | References: 1
CVE
added 4 days ago, 6 views

CVE-2026-47909

Dreamweaver Desktop (Windows/macOS) prior to or equal to version 21.7 is affected by an Improper Input Validation vulnerability that can lead to arbitrary file system read. The issue allows access to sensitive files/directories outside the intended scope and requires user interaction: a victim mu...

CVSS 6.3 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 4 days ago, 7 views

EUVD-2026-35806

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

CVSS 6.3 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 1
Snyk
added 4 days ago, 4 views

Collapse of Data into Unsafe Value

Overview: Affected versions of this package are vulnerable to Collapse of Data into Unsafe Value due to incomplete validation of raw string arguments in certain IMAP command parameters such as criteria, searchkeys and attr. An attacker can cause commands to hang or trigger timeouts by supplying specially...

CVSS 3.1 | AI score 5.4 | EPSS 0.00438
Exploits: 0 | References: 3
OSV
added 4 days ago, 2 views

GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation

Summary: Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

CVSS 2.1 | AI score 5.7 | EPSS 0.00438
Exploits: 0 | References: 3
Snyk
added 4 days ago, 4 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the QUIC server when address validation is disabled. An attacker can crash the server by sending an initial packet with an invalid or expired token. Address validation is enabled by default, so this is...

CVSS 8.7 | AI score 5.3 | EPSS 0.00042
Exploits: 0 | References: 2
Snyk
added 4 days ago, 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in OSSL_CMP_get1_rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

CVSS 6 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 2
EUVD
added 4 days ago, 6 views

EUVD-2026-35459

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVSS 7.1 | AI score 5.4 | EPSS 0.00057
Exploits: 0 | References: 32
EUVD
added 4 days ago, 4 views

EUVD-2026-35466

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations...

CVSS 8.3 | AI score 5.7 | EPSS 0.00138
Exploits: 0 | References: 24
EUVD
added 4 days ago, 5 views

EUVD-2026-35706

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

CVSS 5 | AI score 5.6 | EPSS 0.00012
Exploits: 0 | References: 6
EUVD
added 4 days ago, 5 views

EUVD-2026-35635

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVSS 3.5 | AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 2
EUVD
added 4 days ago, 5 views

EUVD-2026-35714

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVSS 3.5 | AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 2
EUVD
added 4 days ago, 4 views

EUVD-2026-35689

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...

CVSS 3.9 | AI score 5.4 | EPSS 0.00109
Exploits: 0 | References: 2
EUVD
added 4 days ago, 5 views

EUVD-2026-35481

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVSS 7.5 | AI score 5.5 | EPSS 0.00042
Exploits: 0 | References: 5
EUVD
added 4 days ago, 6 views

EUVD-2026-35488

Issue summary: When X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

CVSS 6.2 | AI score 5.5 | EPSS 0.00012
Exploits: 0 | References: 3
EUVD
added 4 days ago, 8 views

EUVD-2026-35478

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

AI score 5.4 | EPSS 0.00005
Exploits: 0 | References: 7