CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-42973
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42972
Medium

A vulnerability in Windows Hyper-V allows an authorized attacker to disclose sensitive information locally. This issue involves the exposure of sensitive data to an unauthorized actor.

CVE-2026-42971
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42970
Medium

A vulnerability in Windows Push Notifications allows an authorized attacker to disclose sensitive information to an unauthorized actor locally.

CVE-2026-42969
Medium

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42968
Medium

An out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

CVE-2026-42915
Medium

Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to locally deny service.

CVE-2026-42914
MediumEPSS 52%

An out-of-bounds read vulnerability in Windows Kerberos allows an authorized attacker to cause a denial of service over the network.

CVE-2026-42907
MediumEPSS 53%

A vulnerability in Windows Shell allows an unauthorized actor to disclose sensitive information over the network. The attacker must be authenticated to exploit this flaw.

CVE-2026-42906
Medium

A vulnerability in Windows Shell allows an authorized attacker to disclose sensitive information locally.

CVE-2026-42903
Medium

A null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

CVE-2026-42771
Medium

CVE-2026-42771 concerns the X509_VERIFY_PARAM_set1_email function, which may lead to an out of bounds read when validating an email address. This can result in application crashes and denial of service.

CVE-2026-42769
Medium

An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level.

CVE-2026-42767
Medium

An attacker-controlled CMP server could trigger a NULL pointer dereference in a CMP client application, leading to application crashes.

CVE-2026-42766
Medium

A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption, leading to an application crash.

CVE-2026-42599
Medium

Svelte is a performance-oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties were included in the rendered HTML. This allowed attackers to inject malicious event handlers that could execute in victims' browsers.

CVE-2026-42573
Medium

Svelte prior to version 5.55.7 is vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.

CVE-2026-3088
Medium

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.

CVE-2026-35188
Medium

A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path.

CVE-2026-34692
Medium

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser.

PreviousPage 145 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS