Lucene search

366506 matches found

added 2026/06/09 7:21 p.m. | 54 views

CVE-2026-11824

Summary: CVE-2026-11824 affects SQLite before 3.53.2 via the FTS5 full‑text search extension. A crafted database can trigger a heap‑based buffer overflow by manipulating continuation page metadata (szLeaf value

CVSS 8.5 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 4 | Affected Software 1

added 2026/06/09 7:15 p.m. | 26 views

CVE-2026-48306

CVE-2026-48306 affects Substance3D Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. No remediation detai...

CVSS 7.8 | AI score 6.1 | EPSS 0.00141
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 7:15 p.m. | 18 views

CVE-2026-34710

CVE-2026-34710 affects Substance3D – Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. The provi...

CVSS 7.8 | AI score 6.1 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 7:15 p.m. | 21 views

CVE-2026-48305

Substance3D Sampler (versions 6.0.0 and earlier) is affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. This is documented across CVE sources, inc...

CVSS 7.8 | AI score 6.1 | EPSS 0.00141
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 7:15 p.m. | 16 views

CVE-2026-34709

CVE-2026-34709 concerns Substance3D Sampler, affected in 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) in the software’s components, with the potential to execute arbitrary code in the context of the current user. Exploitation requires the user to open a malicious file, i.e., u...

CVSS 7.8 | AI score 6.1 | EPSS 0.00138
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 7:15 p.m. | 16 views

CVE-2026-47106

CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...

CVSS 5.4 | AI score 5.6 | EPSS 0.00196
Exploits 0 | References 3

added 2026/06/09 7:14 p.m. | 81 views

CVE-2026-32856

Ellucian Banner Self-Service (before the April T2 release, 2025-04-23) contains a reflected XSS flaw in the dateConverter endpoint’s toDateFormat parameter. An unauthenticated attacker can craft a malicious URL to inject unsanitized input, causing the victim’s browser to execute arbitrary JavaScr...

CVSS 6.1 | AI score 5.6 | EPSS 0.0022
Exploits 0 | References 3

added 2026/06/09 7:8 p.m. | 66 views

CVE-2026-11822

SQLite before 3.53.2 is affected by memory corruption in the FTS5 extension. A crafted database with malformed FTS5 page data can trigger an out-of-bounds read in fts5LeafSeek via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate via a crafted continuation pag...

CVSS 8.5 | AI score 6.5 | EPSS 0.00175
Exploits 0 | References 4 | Affected Software 1

added 2026/06/09 6:40 p.m. | 13 views

CVE-2026-6444

Technical details about CVE-2026-6444 are not present in the provided documents; only the high-level description is available. Monitor for updates.

CVSS 8.6 | AI score 5.5 | EPSS 0.00279
Exploits 0 | References 1

added 2026/06/09 6:40 p.m. | 16 views

CVE-2026-6445

CVE-2026-6445 affects Pure Storage FlashArray Purity. The issue is insufficient filtering of certain data paths, which could expose sensitive information to an authenticated user with low privileges. Root cause described as inadequate data-path filtering; impact includes high confidentiality, int...

CVSS 8.7 | AI score 5.4 | EPSS 0.00279
Exploits 0 | References 1

added 2026/06/09 6:10 p.m. | 67 views

CVE-2026-8863

CVE-2026-8863 affects multiple Microsoft-signed UEFI SHIM bootloaders and enables bypass of Secure Boot, allowing code execution before the OS loads. Root cause: vulnerable SHIM bootloaders; impact: bypass of Secure Boot and arbitrary code execution at boot. Remediation: block via a specific UEFI...

CVSS 7.8 | AI score 6 | EPSS 0.00097
Exploits 0 | References 3

added 2026/06/09 6:9 p.m. | 15 views

CVE-2026-10045

The CVE-2026-10045 entry affects Shenzhen Kangda Xin Intelligent Network Technology Co. router model DR300 (firmware version 2.1.2.121). The device reportedly ships with hardcoded login credentials and has Telnet enabled by default on both WAN and LAN interfaces, enabling remote read/write of mem...

CVSS 9.8 | AI score 5.5 | EPSS 0.00209
Exploits 0 | References 1

added 2026/06/09 6:4 p.m. | 37 views

CVE-2026-40639

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability (CVE-2026-40639). Affected software: Dell Client Platform BIOS. Root cause: weak encoding for password storage/verification. Impact: unauthenticated attacker with physical access could achieve Elevation of Privileges, w...

CVSS 5.7 | AI score 5.4 | EPSS 0.00119
Exploits 0 | References 1

added 2026/06/09 5:51 p.m. | 18 views

CVE-2026-44275

Dell/Alienware Purchased Apps (versions before 1.1.32.0) are affected by CVE-2026-44275: an Improper Link Resolution Before File Access (Link Following) vulnerability. A low-privilege local attacker could potentially write arbitrary files due to the underlying link-following flaw. The CVSS 3.1 ba...

CVSS 6.3 | AI score 5.4 | EPSS 0.00097
Exploits 0 | References 1

added 2026/06/09 5:49 p.m. | 18 views

CVE-2026-34707

CVE-2026-34707 concerns Adobe InCopy versions 21.3, 20.5.3 and earlier. The issue is described as a Heap-based Buffer Overflow in InCopy, which could permit arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malic...

CVSS 7.8 | AI score 6.2 | EPSS 0.00178
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:49 p.m. | 18 views

CVE-2026-34706

CVE-2026-34706 affects Adobe InCopy 21.3, 20.5.3 and earlier, with an out-of-bounds write that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). No exploit details or patches are provided in the supplied...

CVSS 7.8 | AI score 6.2 | EPSS 0.00139
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:49 p.m. | 14 views

CVE-2026-34708

InCopy (Adobe) versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability (CWE-121) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The issue is reporte...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 27 views

CVE-2026-34701

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The CVSSv3.1 base score is 7.8 (HIGH) with...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 16 views

CVE-2026-34704

CVE-2026-34704 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a NULL Pointer Dereference that can crash the application and cause a denial-of-service. Exploitation requires user interaction (victim must open a malicious file). No remediation details are provided in the s...

CVSS 5.5 | AI score 5.5 | EPSS 0.0013
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 23 views

CVE-2026-34695

Summary: InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file, i.e., a user interaction prerequisite. The available s...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 14 views

CVE-2026-34700

CVE-2026-34700 affects Adobe InDesign Desktop (versions 21.3, 20.5.3 and earlier). The issue is an out-of-bounds write in the application, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00139
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 17 views

CVE-2026-34696

The vulnerability CVE-2026-34696 affects Adobe InDesign Desktop, including version 21.3 and 20.5.3 and earlier. The issue is a Use After Free weakness in the product’s handling of certain resources, leading to arbitrary code execution in the context of the current user. Exploitation requires user...

CVSS 7.8 | AI score 6.2 | EPSS 0.00166
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 23 views

CVE-2026-34703

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL pointer dereference that can crash the application and cause a denial-of-service condition. Exploitation requires user interaction: the victim must open a malicious file. The available documents do not provide a remediation...

CVSS 5.5 | AI score 5.5 | EPSS 0.0013
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 24 views

CVE-2026-34698

CVE-2026-34698 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a heap-based buffer overflow in a component used by InDesign, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a maliciou...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 14 views

CVE-2026-34705

CVE-2026-34705 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is an out-of-bounds read (CWE-125) vulnerability that could disclose sensitive memory. According to the documents, exploitation requires user interaction: a victim must open a malicious file. The CVSS metrics indicate a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00155
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 20 views

CVE-2026-34699

Affected software: InDesign Desktop versions 21.3, 20.5.3 and earlier. Vulnerability type: Heap-based Buffer Overflow (CWE-122) that could enable arbitrary code execution in the context of the current user. Impact: High (arbitrary code execution). Exploit requirement: User interaction—victim must...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 20 views

CVE-2026-34697

CVE-2026-34697 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is a stack-based buffer overflow in a component used by InDesign that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 16 views

CVE-2026-48293

InDesign Desktop versions 21.3, 20.5.3 and earlier are vulnerable to an out-of-bounds write that can enable arbitrary code execution in the current user context. The issue requires user interaction: a victim must open a malicious file. Documented impact is high (CVE-2026-48293) with local attack ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00139
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:43 p.m. | 16 views

CVE-2026-34702

CVE-2026-34702 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, with the attacker delivering a malicious file that the...

CVSS 7.8 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:37 p.m. | 19 views

CVE-2026-50511

CVE-2026-50511 describes an elevation-of-privilege vulnerability in Microsoft PC Manager caused by improper link resolution before file access ("link following"). An authorized attacker can achieve local privilege escalation. The issue has a CVSS v3.1 base score of 7.8 (High) with Local attack ve...

CVSS 7.8 | AI score 5.4 | EPSS 0.00329
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:36 p.m. | 13 views

CVE-2026-50512

CVE-2026-50512 involves a missing authentication flaw in Microsoft PC Manager that enables an authorized attacker to locally elevate privileges. The CVSS v3.1 score is 7.8 (HIGH), with local attack vector, low complexity, and privileges required: LOW; impact to confidentiality, integrity, and a...

CVSS 7.8 | AI score 5.4 | EPSS 0.00257
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:34 p.m. | 29 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

CVSS 8.8 | AI score 5.8 | EPSS 0.00358
Exploits 0 | References 3

added 2026/06/09 5:34 p.m. | 19 views

CVE-2026-28237

AMD uProf exposes an issue described as unrestricted resource allocation that can be exploited to exhaust system resources, potentially impacting availability. The reports identify the affected component as AMD uProf, with local attack vector and low attack complexity, resulting in high impact on...

CVSS 6.8 | AI score 5.4 | EPSS 0.00098
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:34 p.m. | 18 views

CVE-2026-50635

LimeSurvey Password Reset Host Header Injection: The system builds password-reset links from the client-supplied Host header without validating it; the default config leaves the allowlist undefined, so LSHttpRequest::checkIsAllowedHost() does nothing. A remote, unauthenticated attacker can reques...

CVSS 8.8 | AI score 5.5 | EPSS 0.00372
Exploits 0 | References 3

added 2026/06/09 5:33 p.m. | 15 views

CVE-2026-0466

CVE-2026-0466 involves AMD uProf with improper access control. A local user may write to the kernel-shared memory section, potentially causing a crash or denial of service. Documents reference AMD’s security bulletin AMD-SB-9025, but provide no version-specific details or remediation steps. No ex...

CVSS 6.8 | AI score 5.5 | EPSS 0.001
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:31 p.m. | 21 views

CVE-2026-41116

Dell Inventory Collector Client, versions prior to 13.8.0, contains an Improper Link Resolution Before File Access ("Link Following") vulnerability. A low-privileged attacker with local access could exploit this to achieve Arbitrary File Write. The available documents identify the affected produc...

CVSS 6.3 | AI score 5.4 | EPSS 0.00085
Exploits 0 | References 1

added 2026/06/09 5:22 p.m. | 15 views

CVE-2025-54509

CVE-2025-54509 describes improper access control for the IOMMU register interface, potentially allowing a privileged attacker using the AMD secure processor (ASP) to cause non-coherent accesses and induce loss of integrity. The vulnerability stems from access control weaknesses in the IOMMU regis...

CVSS 4 | AI score 5.5 | EPSS 0.00127
Exploits 0 | References 1

added 2026/06/09 5:13 p.m. | 17 views

CVE-2026-34693

Adobe Experience Manager Forms JEE (LTS SP1, 6.5.24.0 and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue could allow an attacker to inject malicious scripts into a page, potentially gaining elevated access or control over a victim’s account or session. Exp...

CVSS 8 | AI score 5.5 | EPSS 0.00206
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:13 p.m. | 16 views

CVE-2026-34694

Adobe Experience Manager Forms JEE (LTS SP1, 6.5.24.0 and earlier) contains a stored Cross‑Site Scripting (XSS) vulnerability. The underlying issue allows a high‑privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript executed in a victim’s browser w...

CVSS 4.8 | AI score 5.5 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:13 p.m. | 22 views

CVE-2026-34691

Adobe Experience Manager Forms JEE (LTS SP1, 6.5.24.0 and earlier) is affected by a stored XSS in vulnerable form fields. Malicious JavaScript can execute in a victim’s browser when visiting pages containing the compromised field, potentially gaining elevated access or control over the user’s se...

CVSS 9.3 | AI score 5.5 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:6 p.m. | 24 views

CVE-2026-44804

CVE-2026-44804 affects Windows DWM Core Library and is due to a use-after-free vulnerability in the DWM Core Library. An authorized attacker can elevate privileges locally (local, low complexity, low privileges required) with a high impact on confidentiality, integrity, and availability. No explo...

CVSS 7.8 | AI score 5.4 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:6 p.m. | 27 views

CVE-2026-42993

CVE-2026-42993 describes a heap-based overflow in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. The underlying issue is a heap-based buffer overflow in input handling within the client, leading to remote code execution with high impact (confid...

CVSS 7.5 | AI score 6 | EPSS 0.00434
Exploits 0 | References 1 | Affected Software 8

added 2026/06/09 5:6 p.m. | 20 views

CVE-2026-44813

CVE-2026-44813 is a Windows vulnerability described as a use-after-free in the Windows DWM Core Library that enables an authorized local attacker to elevate privileges. The NVD/MSRC entries identify the affected component as the Windows DWM Core Library with an impact profile including local priv...

CVSS 7.8 | AI score 5.4 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:6 p.m. | 29 views

CVE-2026-44812

CVE-2026-44812 affects Windows graphics component Win32K GRFX, where an integer overflow/wraparound in GRFX can allow an unauthorized attacker to execute code locally. The CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Exploitation details are not provide...

CVSS 7.8 | AI score 5.7 | EPSS 0.00437
Exploits 0 | References 1 | Affected Software 16

added 2026/06/09 5:6 p.m. | 44 views

CVE-2026-42987

The CVE-2026-42987 entry concerns a use-after-free in Windows Deployment Services (WDS) that enables an unauthenticated attacker to achieve remote code execution over the network. The associated CVSS 3.1 vector indicates network access, high impact on confidentiality, integrity, and availability...

CVSS 8.1 | AI score 5.7 | EPSS 0.00589
Exploits 0 | References 1 | Affected Software 5

added 2026/06/09 5:6 p.m. | 53 views

CVE-2026-44803

CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...

CVSS 7.8 | AI score 5.7 | EPSS 0.00437
Exploits 0 | References 1 | Affected Software 16

added 2026/06/09 5:6 p.m. | 23 views

CVE-2026-44801

CVE-2026-44801 is a heap-based buffer overflow in Remote Desktop Client enabling remote code execution by an unauthenticated attacker over the network. Root cause: heap overflow; impact: remote execution of code. Affected software/version details are not provided in the documents. No exploit statu...

CVSS 7.5 | AI score 6 | EPSS 0.00461
Exploits 0 | References 1 | Affected Software 15

added 2026/06/09 5:6 p.m. | 73 views

CVE-2026-42985

CVE-2026-42985 is described in connected sources as a heap-based buffer overflow in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. The initial and connected docs provide the vulnerability description and a high CVSS score (8.8, HIGH) with netwo...

CVSS 8.8 | AI score 6 | EPSS 0.00981
Exploits 0 | References 1 | Affected Software 15

added 2026/06/09 5:6 p.m. | 17 views

CVE-2026-44814

CVE-2026-44814 is an information-disclosure vulnerability in the Windows DWM Core Library due to an out-of-bounds read. An authorized, local attacker could disclose information. CVSS 3.1: L/L:P? The metrics indicate: Attack Vector: Local; Privileges Required: Low; User Interaction: None; Scope: U...

CVSS 5.5 | AI score 5.4 | EPSS 0.00318
Exploits 0 | References 1 | Affected Software 1

added 2026/06/09 5:6 p.m. | 25 views

CVE-2026-44802

CVE-2026-44802 is a use-after-free in Windows DWM Core Library that enables a local privilege escalation by an authorized user. CVSS 3.1 base score 7.8 (High) with local attack vector, low attack complexity, low privileges required, and no user interaction; impact to confidentiality, integrity...

CVSS 7.8 | AI score 5.4 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 10

Total number of security vulnerabilities: 366506