Total CVEs

138,728

Critical Severity

3,597

High Severity

12,893

Last 7 Days

1,750
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 3,161 - 3,180 of 35,133 CVEs
CVE-2026-34695 HIGH - 7.8

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: InDesign Desktop
Published: Jun 09, 2026
Source: NVD
CVE-2026-34694 MEDIUM - 5.9

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim...

Vendor: Adobe
Product: Adobe Experience Manager Forms JEE
Published: Jun 09, 2026
Source: NVD
CVE-2026-34693 HIGH - 8.0

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim...

Vendor: Adobe
Product: Adobe Experience Manager Forms JEE
Published: Jun 09, 2026
Source: NVD
CVE-2026-34691 CRITICAL - 9.3

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser whe...

Vendor: Adobe
Product: Adobe Experience Manager Forms JEE
Published: Jun 09, 2026
Source: NVD
CVE-2026-28237 MEDIUM - 5.5

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.

Vendor: AMD
Product: AMD µProf
Published: Jun 09, 2026
Source: NVD
CVE-2026-0466 MEDIUM - 5.5

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.

Vendor: amd
Product: uprof
Published: Jun 09, 2026
Source: NVD

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

Published: Jun 09, 2026
Source: NVD

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.

Published: Jun 09, 2026
Source: NVD

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

Published: Jun 09, 2026
Source: NVD

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

Published: Jun 09, 2026
Source: NVD

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Published: Jun 09, 2026
Source: NVD
CVE-2026-9076 HIGH - 7.5

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial...

Vendor: openssl
Product: openssl
Published: Jun 09, 2026
Source: NVD
CVE-2026-7383 HIGH - 8.1

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In ASN...

Vendor: openssl
Product: openssl
Published: Jun 09, 2026
Source: NVD
CVE-2026-50508 MEDIUM - 6.5

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Published: Jun 09, 2026
Source: NVD
CVE-2026-50507 MEDIUM - 6.8

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Vendor: microsoft
Product: windows_10_1607
Published: Jun 09, 2026
Source: NVD
CVE-2026-49959 HIGH - 8.8

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations ...

Vendor: nesquena
Product: hermes-webui
Published: Jun 09, 2026
Source: NVD
CVE-2026-49958 MEDIUM - 5.0

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symli...

Vendor: nesquena
Product: hermes-webui
Published: Jun 09, 2026
Source: NVD
CVE-2026-49957 HIGH - 7.7

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate()...

Vendor: nesquena
Product: hermes-webui
Published: Jun 09, 2026
Source: NVD
CVE-2026-49956 MEDIUM - 6.5

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to re...

Vendor: nesquena
Product: hermes-webui
Published: Jun 09, 2026
Source: NVD
CVE-2026-49955 MEDIUM - 5.3

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the authentica...

Vendor: nesquena
Product: hermes-webui
Published: Jun 09, 2026
Source: NVD