Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34697 | HIGH | 7.8 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Jun 09, 2026 |
| CVE-2026-34696 | HIGH | 7.8 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context … | Jun 09, 2026 |
| CVE-2026-34695 | HIGH | 7.8 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Jun 09, 2026 |
| CVE-2026-34694 | MEDIUM | 5.9 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by … | Jun 09, 2026 |
| CVE-2026-34693 | HIGH | 8.0 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this … | Jun 09, 2026 |
| CVE-2026-34691 | CRITICAL | 9.3 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by … | Jun 09, 2026 |
| CVE-2026-28237 | UNKNOWN | — | Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability. | Jun 09, 2026 |
| CVE-2026-0466 | UNKNOWN | — | Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash … | Jun 09, 2026 |
| CVE-2025-54509 | UNKNOWN | — | Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD … | Jun 09, 2026 |
| CVE-2026-9213 | UNKNOWN | — | A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to … | Jun 09, 2026 |
| CVE-2026-9212 | UNKNOWN | — | Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change … | Jun 09, 2026 |
| CVE-2026-9211 | UNKNOWN | — | An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. | Jun 09, 2026 |
| CVE-2026-9210 | UNKNOWN | — | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and … | Jun 09, 2026 |
| CVE-2026-9076 | HIGH | 7.5 | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap … | Jun 09, 2026 |
| CVE-2026-7383 | HIGH | 8.1 | Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: … | Jun 09, 2026 |
| CVE-2026-50508 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | Jun 09, 2026 |
| CVE-2026-50507 | MEDIUM | 6.8 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | Jun 09, 2026 |
| CVE-2026-49959 | HIGH | 8.8 | Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration … | Jun 09, 2026 |
| CVE-2026-49958 | MEDIUM | 5.0 | Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files … | Jun 09, 2026 |
| CVE-2026-49957 | HIGH | 7.7 | Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return … | Jun 09, 2026 |
| CVE-2026-49956 | MEDIUM | 6.5 | Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the … | Jun 09, 2026 |
| CVE-2026-49955 | MEDIUM | 5.3 | Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options … | Jun 09, 2026 |
| CVE-2026-49848 | MEDIUM | 4.3 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. … | Jun 09, 2026 |
| CVE-2026-49847 | HIGH | 7.5 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. … | Jun 09, 2026 |
| CVE-2026-49843 | MEDIUM | 5.3 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. … | Jun 09, 2026 |