CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-47925
Medium

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application crashes. An attacker could exploit this vulnerability to cause a denial-of-service condition, requiring user interaction to open a malicious file.

CVE-2026-47924
Medium

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information.

CVE-2026-47923
Medium

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information.

CVE-2026-34416
Medium

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter.

CVE-2026-25557
Medium

Evoluted PHP Directory Listing Script version 4.0.5 contains a reflected XSS vulnerability in index.php where the dir parameter value is reflected without HTML encoding in the title element and in anchor href attributes in the breadcrumb navigation.

CVE-2026-47910
Medium

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.

CVE-2026-47909
Medium

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope.

CVE-2026-47106
Medium

Ellucian Banner Self-Service before the April T2 release in 2025 contains a stored XSS vulnerability in the course search functionality. Authenticated users with write access can inject malicious JavaScript into faculty and course fields.

CVE-2026-32856
Medium

Ellucian Banner Self-Service before the April T2 release in 2025 contains a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. Attackers can inject unsanitized input through the toDateFormat request parameter in the dateConverter endpoint.

CVE-2026-40639
Medium

The Dell Client Platform BIOS contains a weak encoding for passwords, which could be exploited by an unauthenticated attacker with physical access. Exploiting this vulnerability may lead to elevation of privileges.

CVE-2026-39170
Medium

SemCms version 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

CVE-2026-36798
Medium

Multiple stack overflows were discovered in the formSetDebugCfgr function in Tenda G0 version 15.11.0.5, via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36778
Medium

A stack overflow was discovered in the username parameter of the R7WebsSecurityHandler function in the Tenda O3 Wireless Router v1.0.0.5(4180). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36777
Medium

A stack overflow was discovered in the param_1 parameter of the formSetCfm function in the Tenda W3 Wireless Router v1.0.0.3(2204). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2026-36773
Medium

A stack overflow was discovered in the Go parameter of the ask_to_reboot function in the Tenda W3 Wireless Router v1.0.0.3(2204). This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted input.

CVE-2026-36772
Medium

The Tenda W3 wireless router version 1.0.0.3(2204) contains a stack overflow vulnerability in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted input.

CVE-2026-36728
Medium

FastapiAdmin v2.2.0 has a markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a chat message.

CVE-2026-36726
MediumEPSS 70%

Version 8.3 of the bookcars application contains a vulnerability that allows unauthenticated attackers to delete arbitrary files by exploiting directory traversal sequences in the /api/delete-temp-license/{file} endpoint.

CVE-2026-36725
Medium

FastapiAdmin v2.2.0 has a cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.

CVE-2026-36724
Medium

In version 2.2.0 of FastapiAdmin, an uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to trigger a Denial of Service (DoS) attack by manipulating the func field of scheduled tasks.

PreviousPage 138 of 552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS