206304 matches found
CVE-2026-47954
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47947
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47953
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47946
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47942
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47943
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47945
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47949
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47951
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47936
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47926
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interacti...
CVE-2026-47944
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47910
Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...
CVE-2026-47923
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interacti...
CVE-2026-47941
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47924
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in...
CVE-2026-47641
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47939
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47925
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition...
CVE-2026-47909
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...
CVE-2026-47640
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47639
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47935
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47637
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47636
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47284
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-45655
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-47638
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45634
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...
CVE-2026-45650
User interface ui misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47287
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...
CVE-2026-45647
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2026-45608
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...
CVE-2026-45502
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45500
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45501
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45594
Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-45604
Out-of-bounds read in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-45595
Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-45606
Out-of-bounds read in Microsoft UxTheme Library uxtheme.dll allows an authorized attacker to deny service locally...
CVE-2026-45468
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45483
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network...
CVE-2026-45479
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45465
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45467
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45462
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45460
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-45453
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-44821
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...