CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser.
An improper input validation vulnerability in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into generated web pages. The attack can lead to user impersonation or session theft.
Microsoft Office SharePoint has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
Microsoft Office SharePoint has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to perform spoofing over a network.
A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. This can lead to spoofing attacks and session hijacking.
Visual Studio Code has a relative path traversal vulnerability that allows an unauthorized attacker to tamper with data over a network.
Visual Studio Code has a vulnerability that allows an unauthorized attacker to disclose sensitive information over a network.
A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
The user interface misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
A time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
An out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
An out-of-bounds read vulnerability in the Windows DHCP Client allows an unauthorized attacker to disclose information locally. This flaw can be exploited to leak sensitive data from system memory.
An out-of-bounds read in the Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to locally deny service.
An out-of-bounds read in the Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
A vulnerability in the Windows Application Identity (AppID) Subsystem allows an unauthorized attacker to disclose sensitive information locally.
A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

