Lucene search
K

364820 matches found

NVD
NVD
•added 2026/06/09 6:16 p.m.•19 views

CVE-2026-34691

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...

9.3CVSS0.00243EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•13 views

CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

6.8CVSS0.00098EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•17 views

CVE-2026-0466

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service...

6.8CVSS0.001EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•15 views

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

4CVSS0.00127EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•15 views

CVE-2026-9211

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...

8.8CVSS0.00235EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS0.0027EPSS
Exploits0References24
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS0.00216EPSS
Exploits0References32
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS0.00297EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•24 views

CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS0.00358EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•25 views

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS0.00662EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-49957

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

7.7CVSS0.00421EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS0.00081EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS0.00945EPSS
Exploits0References4
NVD
NVD
•added 2026/06/09 5:17 p.m.•18 views

CVE-2026-50507

Missing authentication for critical function in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

6.8CVSS0.05011EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-49848

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-49955

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS0.00586EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-49847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS0.00414EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•15 views

CVE-2026-49842

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS0.00449EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS0.00284EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•29 views

CVE-2026-49841

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

9.8CVSS0.00394EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-49161

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally...

7.8CVSS0.00239EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•15 views

CVE-2026-49475

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-49472

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS0.00223EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-49840

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS0.0031EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•21 views

CVE-2026-49160

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network...

7.5CVSS0.48438EPSS
Exploits2References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48575

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS0.00303EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-48574

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...

7.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-48583

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00267EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-48578

Improper access control in Windows Secure Boot allows an authorized attacker to elevate privileges locally...

7.9CVSS0.00268EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48576

No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS0.01028EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•23 views

CVE-2026-48566

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

5.5CVSS0.00388EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-48565

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00432EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•16 views

CVE-2026-48569

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS0.0035EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48570

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS0.00303EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-48568

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS0.00303EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-48573

No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS0.01029EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48301

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48562

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS0.00505EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-48304

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-48300

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-48299

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-48297

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-48560

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.00937EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-48563

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS0.0055EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-48271

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.00283EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-48268

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.00207EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-48266

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.00283EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS0.00299EPSS
Exploits0References1
Total number of security vulnerabilities364820