CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-49506
High

Dell Wyse Management Suite versions prior to WMS 5.5 HF1 contain a Path Traversal vulnerability. A high privileged attacker with remote access could exploit this to achieve Remote Code Execution.

CVE-2026-47154
Medium

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries, resulting in process termination. These messages must come from a device that has already joined the network.

CVE-2026-47153
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47152
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47151
High

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. Only devices that have already joined the network and support the Door Lock cluster may be impacted.

CVE-2026-47150
High

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.

CVE-2026-47149
Medium

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These issues occur only in devices that have already joined the network.

CVE-2026-47148
Medium

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload, leading to process termination. These messages must come from a device that has already joined the network.

CVE-2026-47147
High

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester.

CVE-2026-47146
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-47145
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-46734
High

Dell Display and Peripheral Manager (DDPM Mac) versions prior to 2.3 contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVE-2026-46733
High

Dell Display and Peripheral Manager (DDPM) for Windows versions prior to 2.3 contain an Improper Access Control vulnerability. A low-privileged attacker with local access could exploit this to achieve code execution.

CVE-2026-46732
Medium

Dell Display and Peripheral Manager (DDPM) for macOS versions prior to 2.3 contain a Race Condition vulnerability due to concurrent execution using a shared resource without proper synchronization. A low-privileged attacker with local access could potentially exploit this vulnerability to achieve Elevation of Privileges.

CVE-2026-42390
Medium

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

CVE-2026-42389
Medium

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

CVE-2026-42388
Medium

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

CVE-2026-42387
Medium

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation.

CVE-2026-41120
Critical

A vulnerability in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) involves accepting extraneous untrusted data along with trusted data. This allows a low-privileged attacker with remote access to execute code on the vulnerable system.

CVE-2026-40012
Medium

The vulnerability affects the ECS (EDNS Client Subnet) mechanism in DNS servers. Zero-scoped ECS responses are stored in the packet cache even though they should not be cached. The issue occurs only in configurations with ECS enabled.

PreviousPage 176 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS