CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-47936
Medium

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

CVE-2026-47935
Medium

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser.

CVE-2026-47641
Medium

An improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47640
Medium

Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-47639
Medium

A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into generated web pages. The attack can lead to user impersonation or session theft.

CVE-2026-47638
Medium

Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-47637
Medium

Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.

CVE-2026-47636
Medium

A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. This can lead to spoofing attacks and session hijacking.

CVE-2026-47287
Medium

Visual Studio Code has a relative path traversal vulnerability that allows an unauthorized attacker to tamper with data over a network.

CVE-2026-47284
Medium

Visual Studio Code has a vulnerability that allows an unauthorized attacker to disclose sensitive information over a network.

CVE-2026-45655
Medium

A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-45650
Medium

The user interface misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45647
Medium

A time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2026-45634
Medium

An out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

CVE-2026-45608
Medium

An out-of-bounds read vulnerability in the Windows DHCP Client allows an unauthorized attacker to disclose information locally. This flaw can be exploited to leak sensitive data from system memory.

CVE-2026-45606
Medium

An out-of-bounds read in the Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to locally deny service.

CVE-2026-45604
Medium

An out-of-bounds read in the Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45595
Medium

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-45594
Medium

A vulnerability in the Windows Application Identity (AppID) Subsystem allows an unauthorized attacker to disclose sensitive information locally.

CVE-2026-45502
Medium

A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

PreviousPage 158 of 569Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS