CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption, leading to an application crash.
Svelte is a performance-oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties were included in the rendered HTML. This allowed attackers to inject malicious event handlers that could execute in victims' browsers.
Svelte prior to version 5.55.7 is vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path.
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser.
A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can be performed remotely over a network.
A vulnerability that allows an attacker to provide a crafted external URL that may redirect a user to an unintended website.
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality.
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
A vulnerability in NETGEAR devices related to insufficient input validation allows authenticated administrators on the local network to tamper with the router's integrity.
An insufficient input validation vulnerability in certain NETGEAR router models allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions. This can result in unauthorized modification of protected router software or functionality.
CVE-2026-0415 describes an insufficient input validation vulnerability in the listed NETGEAR models, allowing authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.
CVE-2026-0414 describes an insufficient input validation vulnerability in the listed NETGEAR models, allowing authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.
CVE-2026-0413 describes a buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models. It allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality.
CVE-2026-0412 describes an insufficient input validation vulnerability in the NETGEAR JR6150 router, allowing administrators on the local network to make unauthorized modifications to the router's software and functionality.
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.
A security issue in NETGEAR Orbi 370 series devices that could allow an attacker to intercept and tamper with traffic between the router and the Internet. This could enable the attacker to run commands on the device when the device administrator performs certain specific management actions.
A CWE-611 vulnerability related to improper restriction of XML External Entity Reference exists that could lead to information disclosure of server-side file contents. An attacker with a Data Center Expert user account can submit crafted XML payloads to SOAP service endpoints.
An improper access control vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.7, 7.2.0 through 7.2.8, and all versions of 7.0. An attacker may exploit this vulnerability for unauthorized access.

