163937 matches found
CVE-2026-6444
A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...
CVE-2026-6445
A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges...
CVE-2026-8863 CVE-2026-8863
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...
CVE-2026-10045 CVE-2026-10045
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-44275
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-34707 InCopy | Heap-based Buffer Overflow (CWE-122)
InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34706 InCopy | Out-of-bounds Write (CWE-787)
InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34708 InCopy | Stack-based Buffer Overflow (CWE-121)
InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34701 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34704 InDesign Desktop | NULL Pointer Dereference (CWE-476)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...
CVE-2026-34695 InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34700 InDesign Desktop | Out-of-bounds Write (CWE-787)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34696 InDesign Desktop | Use After Free (CWE-416)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34703 InDesign Desktop | NULL Pointer Dereference (CWE-476)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...
CVE-2026-34698 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34699 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34705 InDesign Desktop | Out-of-bounds Read (CWE-125)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...
CVE-2026-34697 InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-48293 InDesign Desktop | Out-of-bounds Write (CWE-787)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34702 InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-50511 Microsoft PC Manager Elevation of Privilege Vulnerability
...
CVE-2026-50512 Microsoft PC Manager Elevation of Privilege Vulnerability
...
CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
CVE-2026-50635 LimeSurvey Password Reset Host Header Injection Discloses Reset Token
LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....
CVE-2026-28237
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
CVE-2026-0466
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service...
CVE-2026-41116
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2025-54509
Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...
CVE-2026-34693 Adobe Experience Manager Forms JEE | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's...
CVE-2026-34694 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-34691 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...
CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
...
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
...
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
...
CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability
...
CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability
...
CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability
...
CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
...