CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application crashes. An attacker could exploit this vulnerability to cause a denial-of-service condition, requiring user interaction to open a malicious file.
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information.
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information.
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter.
Evoluted PHP Directory Listing Script version 4.0.5 contains a reflected XSS vulnerability in index.php where the dir parameter value is reflected without HTML encoding in the title element and in anchor href attributes in the breadcrumb navigation.
Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.
Ellucian Banner Self-Service before the April T2 release in 2025 contains a stored XSS vulnerability in the course search functionality. Authenticated users with write access can inject malicious JavaScript into faculty and course fields.
Ellucian Banner Self-Service before the April T2 release in 2025 contains a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. Attackers can inject unsanitized input through the toDateFormat request parameter in the dateConverter endpoint.
The Dell Client Platform BIOS contains a weak encoding for passwords, which could be exploited by an unauthenticated attacker with physical access. Exploiting this vulnerability may lead to elevation of privileges.
SemCms version 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.
Multiple stack overflows were discovered in the formSetDebugCfgr function in Tenda G0 version 15.11.0.5, via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A stack overflow was discovered in the username parameter of the R7WebsSecurityHandler function in the Tenda O3 Wireless Router v1.0.0.5(4180). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A stack overflow was discovered in the param_1 parameter of the formSetCfm function in the Tenda W3 Wireless Router v1.0.0.3(2204). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
A stack overflow was discovered in the Go parameter of the ask_to_reboot function in the Tenda W3 Wireless Router v1.0.0.3(2204). This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted input.
The Tenda W3 wireless router version 1.0.0.3(2204) contains a stack overflow vulnerability in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted input.
FastapiAdmin v2.2.0 has a markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a chat message.
Version 8.3 of the bookcars application contains a vulnerability that allows unauthenticated attackers to delete arbitrary files by exploiting directory traversal sequences in the /api/delete-temp-license/{file} endpoint.
FastapiAdmin v2.2.0 has a cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.
In version 2.2.0 of FastapiAdmin, an uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to trigger a Denial of Service (DoS) attack by manipulating the func field of scheduled tasks.

