CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-33113
Medium

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can be performed remotely over a network.

CVE-2026-28301
Medium

A vulnerability that allows an attacker to provide a crafted external URL that may redirect a user to an unintended website.

CVE-2026-0420
Medium

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality.

CVE-2026-0418
Medium

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

CVE-2026-0417
Medium

A vulnerability in NETGEAR devices related to insufficient input validation allows authenticated administrators on the local network to tamper with the router's integrity.

CVE-2026-0416
Medium

An insufficient input validation vulnerability in certain NETGEAR router models allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions. This can result in unauthorized modification of protected router software or functionality.

CVE-2026-0415
Medium

CVE-2026-0415 describes an insufficient input validation vulnerability in the listed NETGEAR models, allowing authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.

CVE-2026-0414
Medium

CVE-2026-0414 describes an insufficient input validation vulnerability in the listed NETGEAR models, allowing authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.

CVE-2026-0413
Medium

CVE-2026-0413 describes a buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models. It allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.

CVE-2026-0412
Medium

CVE-2026-0412 describes an insufficient input validation vulnerability in the NETGEAR JR6150 router, allowing administrators on the local network to make unauthorized modifications to the router's software and functionality.

CVE-2026-0410
Medium

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

CVE-2026-0409
Medium

A security issue in NETGEAR Orbi 370 series devices that could allow an attacker to intercept and tamper with traffic between the router and the Internet. This could enable the attacker to run commands on the device when the device administrator performs certain specific management actions.

CVE-2026-8045
Medium

A CWE-611 vulnerability related to improper restriction of XML External Entity Reference exists that could lead to information disclosure of server-side file contents. An attacker with a Data Center Expert user account can submit crafted XML payloads to SOAP service endpoints.

CVE-2026-49938
Medium

An improper access control vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.7, 7.2.0 through 7.2.8, and all versions of 7.0. An attacker may exploit this vulnerability for unauthorized access.

CVE-2025-67862
Medium

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability in Fortinet FortiOS and FortiProxy allows an authenticated admin to execute lua scripts via crafted CLI commands. This affects multiple versions of FortiOS and FortiProxy.

CVE-2026-52905
Medium

A vulnerability was found in the Linux kernel's DAMON (Data Access Monitoring) subsystem. The damon_start() function did not validate whether the min_region_sz parameter is a power of two, allowing unaligned region address ranges. The issue has been fixed in a newer kernel version.

CVE-2026-52904
Medium

In the Linux kernel's Nouveau driver, a memory leak occurs when aperture_remove_conflicting_pci_devices() fails during probe. The error path does not properly release the nvkm_device structure, leaking both the device wrapper and the pci_enable_device() reference.

CVE-2026-49762
Medium

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion.

CVE-2026-47901
Medium

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes into their container element in the host DOM.

CVE-2026-47900
Medium

Logseq is vulnerable to stored XSS attacks. A malicious plugin can include a JavaScript payload in the 'name' field of its 'package.json', allowing arbitrary code execution in a privileged context.

PreviousPage 146 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS