CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
An out-of-bounds read vulnerability in Microsoft Office allows an unauthorized attacker to disclose information locally.
A heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
A protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to locally bypass a security feature.
An out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
The vulnerability exists in the EVP_PKEY_derive_set_peer() function, which improperly checks the subgroup membership of the peer key when a DHX (X9.42) key is used. A malicious peer can exploit this flaw to recover the victim's private key after a small number of key exchange attempts.
The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker can provide CMS or S/MIME messages and observe the error code and/or decryption output. This attack allows the use of the victim's vulnerable application to decrypt or sign messages with the victim's private RSA key.
A heap buffer overflow vulnerability was found in 389 Directory Server. The create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space, causing an overflow when a short cleartext password is logged.
A flaw in 389 Directory Server's LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.
CVE-2026-11764 allows the export of secrets related to gift cards even if the user does not have permission to view them. This violates security principles as only the first letters of the gift card secret are displayed in the UI and API.
The path allowance check in GeneralUtility::isAllowedAbsPath() did not require a directory separator boundary, allowing invalid paths to be accepted. Administrators could create new file storage definitions pointing to directories outside the project root.
Logic bypass vulnerability in the file system. Its exploitation may affect system availability.
CVE-2026-41974 describes a permission control vulnerability in service notifications. Successful exploitation of this vulnerability may affect system availability.
The Custom Block Builder WordPress plugin before version 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields. This allows administrators on multisite installations (or single-site installs with DISALLOW_UNFILTERED_HTML defined) to inject arbitrary JavaScript that executes for any visitor of pages embedding the affected block.
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.
A ReDoS vulnerability in Spring Framework allows an attacker to perform a denial of service attack by providing a specially crafted pattern to AntPathMatcher methods: match, matchStart, and extractUriTemplateVariables.
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, the SAP Business Objects application leaks sensitive information. This has a low impact on the confidentiality of the data.
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who compromised the renderer process to leak cross-origin data via a crafted HTML page.
Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in Network in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page.

