CVE-2026-48303
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction; the CVSS 3.1 vector is AV:N/AC:L/PR:N...
CVE-2026-11799
CVE-2026-11799 concerns a UXSS flaw in Focus for iOS and Klar WebKit navigation. The affected components are Focus for iOS and Klar for iOS, with a root cause not explicitly detailed in the provided documents beyond the UXSS classification. The vulnerability is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:...
CVE-2026-25557
CVE-2026-25557 affects Evoluted PHP Directory Listing Script
CVE-2026-48291
Affected software: Format Plugins, versions 1.1.2 and earlier. Root cause: Heap-based buffer overflow. Impact: Arbitrary code execution in the context of the current user. Exploit information: Requires user interaction; a victim must open a malicious file. Notes: Details are taken from the CVE en...
CVE-2026-48292
Format Plugins versions 1.1.2 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). CVSSv3.1 base score 7.8 (HIGH); attack vector LOCAL, privileges...
CVE-2026-47932
CVE-2026-47932 — Path Traversal in Adobe ColdFusion affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an improper limitation of a pathname to a restricted directory, enabling a security feature bypass and potential access to unauthorized files/directories. Exploitation require...
CVE-2026-47929
CVE-2026-47929 affects Adobe ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an incorrect authorization vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the vulnerability could allow a hi...
CVE-2026-47960
CVE-2026-47960 summary: ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference (XXE) that could lead to an arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...
CVE-2026-47928
CVE-2026-47928 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation is possible without user interaction, and the document set notes a scope chan...
CVE-2026-47931
This CVE affects Adobe ColdFusion versions 2023.19, 2025.8 and earlier. It is caused by improper input validation that could allow arbitrary code execution in the context of the current user, with exploitation not requiring user interaction. The connected advisories indicate updates have been rel...
CVE-2026-47930
CVE-2026-47930 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access, with exploitation not requiring user interaction. The CVSS...
CVE-2026-47933
CVE-2026-47933 affects ColdFusion versions 2023.19, 2025.8 and earlier. The vulnerability is a stored Cross-Site Scripting (XSS) flaw that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim visits a page containing the affected fiel...
CVE-2026-47937
CVE-2026-47937 affects Adobe Acrobat Reader up to version 24.001.30365 and 26.001.21651 (and earlier). The issue is an Uncontrolled Search Path Element (CWE-427) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must o...
CVE-2026-47918
Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is affected by a Use After Free (CWE-416) vulnerability that can lead to arbitrary code execution in the current user context. Exploitation requires user interaction: the victim must open a malicious file. The CVSSv3.1 vector report...
CVE-2026-47916
CVE-2026-47916 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier, with a Use After Free (CWE-416) that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). No remediation/version pa...
CVE-2026-47915
The CVE-2026-47915 entry identifies a Use After Free (CWE-416) vulnerability in Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier. The flaw could allow arbitrary code execution in the context of the current user and requires user interaction, with exploitation possible only after th...
CVE-2026-47923
CVE-2026-47923 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. It is an out-of-bounds read (CWE-125) vulnerability that can disclose sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. Impact is disclosed as high confidentiality im...
CVE-2026-47952
Acrobat Reader is affected by a Heap-based Buffer Overflow (CWE-122) in versions 24.001.30365, 26.001.21651 and earlier. The vulnerability could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, with the victim opening a malicious file. N...
CVE-2026-47917
CVE-2026-47917 affects Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier). The vulnerability is a Use After Free (CWE-416) in Acrobat Reader components that can lead to arbitrary code execution under the context of the current user. Exploitation requires user interaction: a vi...
CVE-2026-47955
Acrobat Reader is affected by a Use After Free (CWE-416) vulnerability (CVE-2026-47955) in versions 24.001.30365, 26.001.21651 and earlier. The issue can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a specially cra...
CVE-2026-47919
CVE-2026-47919 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. The issue is a Use After Free (CWE-416) vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious f...
CVE-2026-47924
Acrobat Reader is affected by CVE-2026-47924 (Use After Free, CWE-416). Affected versions include 24.001.30365 and 26.001.21651 and earlier. The issue arises from a Use After Free condition in Acrobat Reader, enabling disclosure of sensitive memory. The vulnerability requires user interaction, as...
CVE-2026-47926
CVE-2026-47926 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. The issue is an out-of-bounds read (CWE-125) in the application, leading to potential disclosure of sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. The available d...
CVE-2026-47921
Acrobat Reader is affected by a Use After Free (CWE-416) in versions 24.001.30365, 26.001.21651 and earlier, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Root cause is use-after-free in the aff...
CVE-2026-47920
CVE-2026-47920 affects Adobe Acrobat Reader. Affected versions include 24.001.30365, 26.001.21651, and earlier. The issue is a Use-After-Free vulnerability in Acrobat Reader that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the...
CVE-2026-47961
CVE-2026-47961 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. The vulnerability is an out-of-bounds read (CWE-125) that could disclose sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. Affected component is within Acrobat Reade...
CVE-2026-47913
Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is affected by a Use After Free (CWE-416) vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The CVE is report...
CVE-2026-47914
CVE-2026-47914 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. The issue is a Use After Free (CWE-416) vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. C...
CVE-2026-47925
CVE-2026-47925 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. It is an integer overflow/wraparound (CWE-190) vulnerability that can crash the application, causing a denial-of-service condition. Exploitation requires user interaction: a victim must open a malicious file. N...
CVE-2026-47912
CVE-2026-47912 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. It is a Use After Free (CWE-416) vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a crafted file. The conn...
CVE-2026-47959
CVE-2026-47959 affects Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. It is a stack-based buffer overflow (CWE-121) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). No exploit...
CVE-2026-47911
Acrobat Reader has a CVE-2026-47911 out-of-bounds write vulnerability (CWE-787) affecting versions 24.001.30365, 26.001.21651 and earlier. Successful exploitation could allow arbitrary code execution in the current user context. Exploitation requires user interaction, with a victim opening a mali...
CVE-2025-71319
CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...
CVE-2026-47909
Dreamweaver Desktop (Windows/macOS) prior to or equal to version 21.7 is affected by an Improper Input Validation vulnerability that can lead to arbitrary file system read. The issue allows access to sensitive files/directories outside the intended scope and requires user interaction: a victim mu...
CVE-2026-47910
Dreamweaver Desktop (Windows/macOS)
CVE-2026-47907
Dreamweaver Desktop (Windows/macOS) version 21.7 and earlier is affected by an Improper Access Control vulnerability that permits arbitrary file system read outside the intended scope. The root cause is an access-control weakness that allows an attacker to access sensitive files and directories i...
CVE-2026-47906
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. No remediat...
CVE-2026-47908
Dreamweaver Desktop (Windows/macOS) affected: version 21.7 and earlier. Vulnerability is an Access of Uninitialized Pointer (CWE-824) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction—victim must open a malicious file. The CVSS 3....
CVE-2026-11824
Summary: CVE-2026-11824 affects SQLite before 3.53.2 via the FTS5 full‑text search extension. A crafted database can trigger a heap‑based buffer overflow by manipulating continuation page metadata (szLeaf value
CVE-2026-48306
CVE-2026-48306 affects Substance3D Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. No remediation detai...
CVE-2026-34710
CVE-2026-34710 affects Substance3D – Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. The provi...
CVE-2026-48305
Substance3D Sampler (versions 6.0.0 and earlier) is affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. This is documented across CVE sources, inc...
CVE-2026-34709
CVE-2026-34709 concerns Substance3D Sampler, affected in 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) in the software’s components, with the potential to execute arbitrary code in the context of the current user. Exploitation requires the user to open a malicious file, i.e., u...
CVE-2026-47106
CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...
CVE-2026-32856
Ellucian Banner Self-Service (before the April T2 release, 2025-04-23) contains a reflected XSS flaw in the dateConverter endpoint’s toDateFormat parameter. An unauthenticated attacker can craft a malicious URL to inject unsanitized input, causing the victim’s browser to execute arbitrary JavaScr...
CVE-2026-11822
SQLite before 3.53.2 is affected by memory corruption in the FTS5 extension. A crafted database with malformed FTS5 page data can trigger an out-of-bounds read in fts5LeafSeek via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate via a crafted continuation pag...
CVE-2026-6444
Technical details about CVE-2026-6444 are not present in the provided documents; only the high-level description is available. Monitor for updates.
CVE-2026-6445
CVE-2026-6445 affects Pure Storage FlashArray Purity. The issue is insufficient filtering of certain data paths, which could expose sensitive information to an authenticated user with low privileges. Root cause described as inadequate data-path filtering; impact includes high confidentiality, int...
CVE-2026-8863
CVE-2026-8863 affects multiple Microsoft-signed UEFI SHIM bootloaders and enables bypass of Secure Boot, allowing code execution before the OS loads. Root cause: vulnerable SHIM bootloaders; impact: bypass of Secure Boot and arbitrary code execution at boot. Remediation: block via a specific UEFI...
CVE-2026-10045
The CVE-2026-10045 entry affects Shenzhen Kangda Xin Intelligent Network Technology Co. router model DR300 (firmware version 2.1.2.121). The device reportedly ships with hardcoded login credentials and has Telnet enabled by default on both WAN and LAN interfaces, enabling remote read/write of mem...