CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-36722
Medium

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2025-55659
Medium

A NULL pointer dereference in the ctts_box_write function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2025-55658
Medium

GPAC MP4Box version 2.4 was found to contain a floating point exception in the gf_opus_parse_packet_header function, which may lead to application crashes. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

CVE-2025-55651
Medium

A NULL pointer dereference in the gf_isom_get_user_data_count function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

CVE-2023-43686
Medium

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later) that can cause the parser to ignore other browser configuration files when a large number of Firefox preference files are present, leading to a denial of service.

CVE-2026-44275
Medium

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.

CVE-2026-41116
Medium

Dell Inventory Collector Client, versions prior to 13.8.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.

CVE-2026-34705
Medium

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information.

CVE-2026-34704
Medium

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, resulting in a denial-of-service condition.

CVE-2026-34703
Medium

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application crashes. Exploitation of this vulnerability requires user interaction, as the victim must open a malicious file.

CVE-2026-34694
Medium

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A high-privileged attacker can inject malicious scripts into vulnerable form fields.

CVE-2026-28237
Medium

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.

CVE-2026-0466
Medium

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.

CVE-2025-54509
Medium

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

CVE-2026-9210
Medium

The vulnerable NETGEAR models have an insufficient input validation vulnerability that allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.

CVE-2026-50508
Medium

A vulnerability in Windows NTLM allows an unauthorized attacker to perform spoofing over a network, leading to the exposure of sensitive information.

CVE-2026-50507
MediumEPSS 91%

Missing authentication for a critical function in Windows BitLocker allows an unauthorized attacker to bypass a security feature through a physical attack.

CVE-2026-49958
Medium

Hermes WebUI before version 0.51.303 contains a TOCTOU vulnerability in the git_discard function that allows attackers to delete files outside the configured workspace boundary. This is possible by replacing a validated path component with a symlink after validation but before deletion.

CVE-2026-49956
Medium

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles. This enables attackers to send requests to the session search endpoint without active-profile filtering.

CVE-2026-49955
Medium

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion.

PreviousPage 139 of 552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS