CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•4 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

NVD•added yesterday•5 views

CVE-2026-48288

EUVD-2026-35576

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score

CVE•added yesterday•6 views

CVE-2026-48289

CVE-2026-48289 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can bypass security features and allow unauthorized write access. Exploitation requires user interaction, with the attacker needing a v...

Exploits0References1Affected Software1

Cvelist•added yesterday•21 views

CVE-2026-48289 Adobe Experience Manager | Improper Input Validation (CWE-20)

Vulnrichment•added yesterday•4 views

CVE-2026-48289 Adobe Experience Manager | Improper Input Validation (CWE-20)

Vulnrichment•added yesterday•3 views

CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)

CVE•added yesterday•5 views

CVE-2026-48288

CVE-2026-48288 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can result in a security feature bypass . A low-privileged attacker could bypass security controls and gain unauthorized write access. ...

Exploits0References1Affected Software1

Cvelist•added yesterday•20 views

CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)

Microsoft CVE•added yesterday•5 views

Chromium: CVE-2026-10892 Out of bounds write in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.0008EPSS

Exploits0

Xen Project•added yesterday•8 views

EUVD-2026-35436

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score

Exploits0References2

Arm: Completion of memory accesses not guaranteed by completion of a TLBI

ISSUE DESCRIPTION A hardware issue has been identified in certain Arm CPU designs. A broadcast TLBI on one PE may complete before affected memory accesses on another PE are globally observed. This may permit bypass of Stage 1 translation, Stage 2 translation, or GPT protection. The erratum occurs...

9.1CVSS5.4AI score0.00017EPSS

Exploits0

NVD•added yesterday•5 views

CVE-2026-49740

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS0.00246EPSS

Vulnrichment•added yesterday•3 views

CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API

6.3CVSS5.8AI score0.00246EPSS

CVE•added yesterday•9 views

CVE-2026-49740

TYPO3 CMS: Insecure deserialization in core API (VariableFrontend and Registry) allows crafting serialized payloads to trigger PHP Object Injection with local write access to the cache store or sys_registry table. Impact could lead to Remote Code Execution or other high-impact effects as per the ...

6.3CVSS5.8AI score0.00246EPSS

6.3CVSS5.8AI score0.00246EPSS

EUVD-2026-35401

Cvelist•added yesterday•21 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS0.0003EPSS

7.2CVSS5.5AI score0.00036EPSS

EUVD-2026-35392

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

CVE•added yesterday•13 views

CVE-2025-10263

CVE-2025-10263 affects Arm architectures (C1-Ultra, C1-Premium; Neoverse V3/V3AE/V2/V1/N2/N1; Cortex-X9/25/4/3/2/1/1C; Cortex-A710/A78/A78AE/A78C/A77/A76/A76A) where a write to a resource may occur under a lower EL than the owner. Impact described as potential privilege escalation to the hypervis...

9.1CVSS5.5AI score0.00017EPSS