EUVD-2026-35586

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-48569

CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...

CVE-2026-47281

CVE-2026-47281 affects Visual Studio Code and is due to improper input validation in the application. The vulnerability allegedly allows an unauthenticated attacker to elevate privileges over a network, with the impact described as high confidentiality, integrity, and availability. The CVSS 3.1 v...

EUVD-2026-35573

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-40376

CVE-2026-40376 affects Visual Studio Code. The root cause is improper input validation, enabling an unauthorized network-based user to elevate privileges. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector, high impact on confidentiality, integrity, and availability; user interacti...

CVE-2026-33113

CVE-2026-33113 describes an issue in Microsoft Office SharePoint where improper neutralization of input during web page generation enables an authorized attacker to perform spoofing over a network. Affected component: SharePoint Server. Root cause: cross-site scripting due to inadequate input han...

CVE-2026-45642

Microsoft Azure Attestation service and Device Health Attestation Service are affected by improper input validation, allowing an authorized attacker to perform spoofing with a physical attack. CVSS 3.1, base score 3.9 (LOW); attack vector Physical, privileges required High, integrity impact High,...

CVE-2026-48289

CVE-2026-48289 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can bypass security features and allow unauthorized write access. Exploitation requires user interaction, with the attacker needing a v...

CVE-2026-48289 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVE-2026-48289 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVE-2026-48288

CVE-2026-48288 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can result in a security feature bypass . A low-privileged attacker could bypass security controls and gain unauthorized write access. ...

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

CVE-2026-24181 affects NVIDIA DALI. The issue is due to improper index validation in a component, enabling a local attacker with low privileges and user interaction to potentially cause code execution, data tampering, DoS, or information disclosure. NVIDIA’s security bulletin confirms the vulnera...

CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

CVE-2026-42771

CVE-2026-42771 describes a vulnerability in OpenSSL where an internal helper used by X509_VERIFY_PARAM_set1_email/set2_email validates the local part of an email addresses and may not enforce the 64-octet limit, causing an out-of-bounds read. This can lead to a crash (DoS) when an application pro...