Skip to main content
CVE-2026-48562 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated attacker with low-level network access to inject malicious scripts into SharePoint-generated web pages, resulting in spoofing attacks against other users. The vulnerability requires victim interaction to trigger script execution, limiting automated exploitation. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; the CVSS score of 4.6 reflects the constrained impact and authentication prerequisite.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47640 MEDIUM PATCH This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker to inject malicious scripts into SharePoint-generated web pages, enabling spoofing attacks against other authenticated users. Affected products span three active SharePoint server product lines - Enterprise Server 2016, Server 2019, and Subscription Edition - all sharing the 16.0.x codebase, with vendor-released patches now available per MSRC. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47638 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated low-privilege network attacker to inject malicious script content into SharePoint pages, enabling spoofing attacks against victim users who render the affected content. Three product lines are affected: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, all at specific 16.0.x build levels. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.6 Medium score reflects meaningful risk reduction from the dual prerequisites of authenticated access and required victim interaction.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47637 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (Subscription Edition, 2019, and 2016) enables an authenticated low-privileged attacker to inject malicious scripts into web pages served to other users, resulting in spoofing over the network. The CVSS vector (PR:L/UI:R/S:U) confirms exploitation requires valid credentials and victim interaction, constraining the attack surface to authenticated SharePoint environments where a user can be induced to visit attacker-controlled content. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-45479 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker to perform spoofing attacks by injecting malicious script into web page content. Affected products include SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition across all builds below their respective patched versions. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; the CVSS score of 4.6 reflects the mandatory user interaction and constrained confidentiality/integrity impact.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-45462 MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint Server enables an authenticated network attacker to perform spoofing attacks against other users by injecting malicious script into web page output. Affected products span three SharePoint Server product lines - 2016 Enterprise, 2019, and Subscription Edition - all on build version 16.0.x below their respective patched thresholds. Microsoft has released patches across all affected branches; no public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-6899 MEDIUM PATCH This Month

Improper certificate revocation checking in S2OPC's CycloneCrypto wrapper permits OPC UA connections authenticated with revoked certificates. The library evaluates only the first Certificate Revocation List (CRL) matching a given CA and silently discards any additional valid CRLs issued by that same CA - meaning a certificate listed exclusively in a secondary CRL passes validation unchallenged. With CVSS 5.6 (AV:N/AC:H/PR:N/UI:N), all published versions of systerel/s2opc are affected per CPE. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure S2Opc
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-11618 MEDIUM This Month

Unauthenticated remote access to the Source Connection Test endpoint in DTStack Taier up to 1.4.0 is possible because the `preHandle` method in `LoginInterceptor.java` does not invoke `tokenService.decryption(token)`, allowing any network-reachable caller to bypass authentication entirely. The same patch commit reveals that `ConnFactory.getSimpleConn()` also lacked JDBC URL sanitization, meaning an unauthenticated attacker could supply dangerous parameters such as `autoDeserialize` or `allowLoadLocalInfile` to a malicious MySQL-compatible server, elevating the real-world impact well above the assigned CVSS 5.5 Medium rating. Publicly available exploit code exists (CVSS E:P confirmed); no CISA KEV listing is confirmed at time of analysis.

Authentication Bypass Java
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-45594 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in the Windows Application Identity (AppID) Subsystem exposes sensitive data to locally authenticated, low-privileged attackers across a broad range of Windows 10, Windows 11, and Windows Server versions. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that exploitation requires only a local session with standard user privileges - no elevated rights or user interaction needed. No public exploit code or CISA KEV listing has been identified at time of analysis, but the wide affected surface spanning consumer and server SKUs makes patching a meaningful priority in multi-user or shared-system environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42972 MEDIUM PATCH Exploit Unlikely This Month

Local information disclosure in Windows Hyper-V enables an authenticated low-privileged attacker to access sensitive data they are not authorized to read, without any user interaction. Affected systems span a broad range of Windows desktop and server editions from Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis and no CISA KEV listing; however, the high confidentiality impact (C:H) and breadth of affected versions make this a meaningful patching priority, particularly in multi-tenant virtualization environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42906 MEDIUM PATCH Exploit Unlikely This Month

Windows Shell exposes sensitive information to locally authenticated, low-privileged attackers without requiring user interaction or elevated privileges. The vulnerability (CWE-200) results in high confidentiality impact, allowing disclosure of sensitive data accessible through the Shell component. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the Microsoft Security Response Center (MSRC) has acknowledged the issue via advisory.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-48566 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Desktop Window Manager (DWM) Core Library exposes sensitive memory contents to locally authenticated, low-privileged attackers on Windows 11 and Windows Server 2025. The flaw (CWE-125) allows a standard user to read beyond an allocated buffer boundary within the DWM process, resulting in high-confidence information disclosure with no integrity or availability impact. Microsoft has released patches covering all affected build ranges; no public exploit code has been identified at time of analysis.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45634 MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45606 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft's UxTheme Library (uxtheme.dll) enables a locally authenticated attacker to crash the affected Windows system, resulting in denial of service. The vulnerability spans a broad swath of Windows releases - from Server 2012 through Windows 11 26H1 and Windows Server 2025 - making patch surface management critical for enterprise environments. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45604 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Application Identity (AppID) Subsystem exposes sensitive kernel or process memory to a local authenticated attacker without requiring elevated privileges or user interaction. Affected builds span Windows 11 versions 23H2 through 26H1 and Windows Server 2025, including Server Core installations. No public exploit code has been identified at time of analysis and this CVE does not appear in the CISA KEV catalog, though the high confidentiality impact (CVSS C:H) indicates meaningful data exposure potential when triggered.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44814 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44805 MEDIUM PATCH This Month

Use-after-free in the Windows Network Controller (NC) Host Agent enables a locally authenticated attacker to crash the service, resulting in a denial of service on affected Windows Server deployments. The vulnerability carries a CVSS score of 5.5 (Medium) with local attack vector and low-privilege requirements, limiting its blast radius to service availability - confidentiality and integrity are unaffected. No public exploit code exists and CISA KEV listing is absent at time of analysis, though a vendor patch from Microsoft is available and should be prioritized on Windows Server deployments leveraging Software Defined Networking.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42968 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-47924 MEDIUM This Month

Use After Free memory disclosure in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 (and earlier) exposes sensitive process memory contents when a victim opens a specially crafted malicious file. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack is local, requires no privileges, but mandates user interaction - the victim must manually open the attacker-supplied document. Impact is limited to confidentiality (C:H), with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Adobe Use After Free Memory Corruption Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34657 MEDIUM This Month

Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Path Traversal Cai Content Credentials
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47923 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier exposes sensitive memory contents to an attacker who can deliver a malicious PDF to a victim. The CVSS vector (AV:L/AC:L/PR:N/UI:R) confirms low complexity with no privilege prerequisite, but requires local file execution - the victim must open the crafted document. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information disclosure risk with no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47926 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier enables sensitive memory disclosure when a victim opens a specially crafted file. The vulnerability (CWE-125) exposes potentially high-value in-memory data - including heap addresses or document contents - but cannot be leveraged for code execution or system modification based on available data. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, though the vendor-confirmed advisory (APSB26-63) establishes this as a real, patched issue.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47961 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader exposes sensitive process memory when a victim opens a specially crafted PDF file. Affected versions include 24.001.30365, 26.001.21651, and all earlier releases across both tracks. The vulnerability carries a high confidentiality impact (C:H) with no integrity or availability consequence, making it a targeted information disclosure primitive rather than a code execution path. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47925 MEDIUM This Month

Integer overflow in Adobe Acrobat Reader triggers an application crash when processing a specially crafted file, resulting in a denial-of-service condition. Versions 24.001.30365 and 26.001.21651 and earlier are confirmed affected per Adobe advisory APSB26-63. Impact is limited to availability - no confidentiality or integrity compromise is possible - and no public exploit or active exploitation has been identified at time of analysis.

Denial Of Service Adobe Integer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-52904 MEDIUM PATCH This Month

Memory leak in the Linux kernel's drm/nouveau subsystem exposes systems with NVIDIA GPUs using the open-source nouveau driver to local denial of service. When aperture_remove_conflicting_pci_devices() fails during PCI device probe, the error path bypasses the fail_nvkm cleanup label, permanently leaking both the nvkm_device wrapper and the pci_enable_device() reference taken inside nvkm_device_pci_new(). No public exploit exists and EPSS sits at the 5th percentile (0.02%), confirming negligible exploitation probability; however, patched stable releases are available across multiple kernel branches.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46329 MEDIUM PATCH This Month

Improper end-of-filesystem boundary handling in the Linux kernel EROFS driver for file-backed mounts causes a denial-of-service condition when I/O requests exceed the filesystem image boundary. Affected kernels spanning multiple stable branches fail to zero-fill out-of-bounds I/O regions as expected (analogous to loopback device behavior), producing undefined kernel behavior that results in availability loss. No public exploit has been identified and EPSS is 0.02% (5th percentile), indicating negligible opportunistic exploitation probability; patches are confirmed available across stable branches 6.12.x, 6.18.x, 6.19.x, and 7.0.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46318 MEDIUM PATCH This Month

Lock resource leak in Linux kernel hugetlbfs subsystem enables local denial of service against systems using huge page memory mappings. Introduced by a faulty commit (ea52cb24cd3f) that incorrectly handled VMA lock allocation during the mmap_prepare stage, the defect allows a failed post-mmap_prepare allocation to leave a VMA lock unreleased, leaking kernel resources. This CVE documents the corrective revert; systems running affected kernel versions (around 6.19 through pre-7.0.12 and pre-7.1-rc6) with hugetlbfs in use are exposed to potential availability impact. No public exploit code exists and EPSS probability is 0.02% (5th percentile), indicating very low real-world exploitation activity.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46315 MEDIUM PATCH This Month

Stale kernel memory disclosure in the Linux kernel's io_uring IORING_OP_WAITID operation allows a local low-privileged user to read arbitrary bytes from reused io_kiocb command storage via the userspace siginfo output buffer. The io_uring prep path for waitid requests fails to zero-initialize the io_waitid::info result field, meaning that when a wait completes without a child event the kernel copies whatever bytes happen to occupy that slab slot into the caller's siginfo_t. No public exploit has been identified at time of analysis; EPSS at 0.02% (5th percentile) reflects low current exploitation probability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55651 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-52905 MEDIUM PATCH This Month

Denial-of-service in the Linux kernel's DAMON (Data Access MONitor) subsystem allows a local low-privileged user to crash the kernel by supplying a non-power-of-two `min_region_sz` value through the DAMON sysfs interface and invoking `damon_start()`. The flaw is an incomplete remediation: commit c80f46ac228b fixed the same class of bug for the `damon_commit_ctx()` code path but left `damon_start()` - reachable via DAMON sysfs - without the `is_power_of_2()` guard. No public exploit exists and EPSS sits at 0.02% (4th percentile), indicating negligible real-world exploitation probability; no CISA KEV listing has been issued.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34704 MEDIUM This Month

NULL Pointer Dereference in Adobe InDesign Desktop versions 21.3 and 20.5.3 and earlier allows a local attacker to crash the application by delivering a crafted document file that a victim must open, resulting in a denial-of-service condition with no confidentiality or integrity impact. Exploitation is constrained by mandatory user interaction (UI:R) and a local attack vector (AV:L), significantly limiting real-world risk beyond targeted social-engineering scenarios involving design professionals. No public exploit code has been identified and CISA has not added this to the Known Exploited Vulnerabilities catalog.

Denial Of Service Null Pointer Dereference Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34703 MEDIUM This Month

NULL Pointer Dereference in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier enables a denial-of-service condition by crashing the application when a victim opens a specially crafted malicious file. The vulnerability carries no confidentiality or integrity impact - availability is the sole affected component. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, limiting its urgency relative to higher-severity Adobe vulnerabilities.

Denial Of Service Null Pointer Dereference Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34705 MEDIUM This Month

Out-of-bounds read in Adobe InDesign Desktop versions 21.3 and 20.5.3 (and earlier) exposes sensitive process memory when a victim opens a specially crafted document file. The vulnerability carries a high confidentiality impact (CVSS C:H) with no integrity or availability impact, making it a targeted information-disclosure primitive - useful for memory leak-assisted exploitation chains or direct leakage of in-memory content such as document data, credentials, or heap pointers. No public exploit code has been identified and this CVE does not appear in CISA KEV at time of analysis, but its social-engineering-friendly delivery mechanism (malicious file open) makes it a realistic phishing vector against creative industry targets who routinely handle external InDesign files.

Information Disclosure Buffer Overflow Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41980 MEDIUM This Month

Insufficient permission enforcement in the HarmonyOS file preview module allows a local, unprivileged attacker to access sensitive file contents without authorization. Affecting Huawei HarmonyOS (all versions per CPE wildcard), the flaw is classified as CWE-200 and carries a CVSS 5.5 Medium score, with high confidentiality impact but no integrity or availability exposure. No public exploit identified at time of analysis, and Huawei disclosed this vulnerability via its June 2026 security bulletin.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41979 MEDIUM This Month

Permission control failure in the HarmonyOS print module allows a local attacker - without requiring elevated privileges - to compromise system integrity through user-triggered interaction. The vulnerability resides in Huawei's HarmonyOS, disclosed via the June 2026 Huawei Security Bulletin, and carries a CVSS 5.5 (Medium) rating. No public exploit code has been identified at time of analysis, and it does not appear in the CISA KEV catalog, though the high integrity impact warrants attention in enterprise HarmonyOS deployments.

Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-11620 MEDIUM This Month

Incorrect privilege assignment in the vsftpd service of TOTOLINK EX200 firmware 4.0.3c.7646 (B20201211) permits remote unauthenticated attackers to perform unauthorized write operations against the device over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no special attack preconditions, making this broadly reachable. Publicly available exploit code exists (E:P per CVSS supplemental metrics and confirmed in description); no active exploitation via CISA KEV has been identified at time of analysis.

Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-11701 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Guest View component prior to 149.0.7827.103 enables a remote unauthenticated attacker to deceive users about page content or origin by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms exploitation requires no privileges and no special network position, but does require the victim to visit a malicious page. With an EPSS score of 0.05% at the 15th percentile and no CISA KEV listing, real-world exploitation is currently assessed as low probability, though the zero-friction delivery mechanism (a link) keeps the attack surface broad.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-11666 MEDIUM PATCH This Month

UI spoofing in Google Chrome prior to 149.0.7827.103 enables remote unauthenticated attackers to deceive users into interacting with falsified browser interface elements via a crafted HTML page. The vulnerability exploits insufficient input validation in Chrome's Input component (CWE-20), carrying a moderate CVSS 5.4 with confirmed low confidentiality impact and an Information Disclosure tag suggesting data exposure risk through spoofed UI surfaces such as fake dialogs or address bar manipulation. EPSS probability is very low at 0.05% (15th percentile), no public exploit has been identified, and no CISA KEV listing exists at time of analysis.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-47933 MEDIUM This Month

Stored XSS in Adobe ColdFusion (2023.x through 2023.19 and 2025.x through 2025.8) enables a low-privileged attacker on an adjacent network to inject persistent malicious JavaScript into vulnerable form fields. When a victim user browses to the page containing the stored payload, the script executes in their browser context, with scope change indicating impact can extend beyond the immediate ColdFusion application - such as session hijacking or unauthorized browser-side actions. No public exploit code or CISA KEV listing has been identified at time of analysis; EPSS data was not provided in source intelligence.

XSS Coldfusion
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48304 MEDIUM This Month

Stored XSS in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier allows a low-privileged authenticated attacker to inject persistent malicious JavaScript into vulnerable form fields. When any user - including higher-privileged administrators - browses a page containing the injected field, the script executes in their browser under the AEM origin, with scope change (S:C per CVSS) enabling impact beyond the authoring component itself. No public exploit code or active exploitation has been identified at time of analysis; however, the persistent nature of the injection and AEM's typical enterprise deployment profile (admin, author, and reviewer roles sharing the same domain) elevate practical risk above what the medium CVSS score alone suggests.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48301 MEDIUM This Month

Stored XSS in Adobe Experience Manager (AEM) versions up to 2026.04 allows a low-privileged authenticated attacker to persist malicious JavaScript in vulnerable form fields, which executes in any victim's browser upon visiting the affected page. The CVSS S:C (Scope Changed) flag elevates the practical risk: a low-privileged content author could target administrators browsing the same AEM instance, enabling session hijacking or privilege escalation beyond the raw 5.4 Medium score implies. No public exploit identified at time of analysis; Adobe has published advisory APSB26-56 addressing the issue.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48300 MEDIUM This Month

Stored XSS in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier enables a low-privileged authenticated attacker to inject persistent malicious JavaScript into vulnerable form fields. When a victim - potentially a higher-privileged user such as an administrator - browses to the affected page, the injected script executes in their browser context, enabling session token theft, credential harvesting, or actions performed on the victim's behalf. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis; however, the CVSS S:C (Scope Changed) designation signals that the real-world impact exceeds what the raw 5.4 Medium score implies, particularly in environments where low-privileged contributors can submit content reviewed by administrators.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48299 MEDIUM This Month

Stored Cross-Site Scripting in Adobe Experience Manager (AEM) versions up to and including 6.5.24, LTS SP1, and 2026.04 enables a low-privileged authenticated attacker to persist malicious JavaScript into vulnerable form fields. The injected script executes in the browser of any victim who subsequently visits the affected page, with a changed scope designation (S:C) indicating the impact crosses security boundaries beyond the directly vulnerable component. No public exploit code or CISA KEV listing has been identified at time of analysis, but the combination of low privilege requirements and changed scope makes this a meaningful risk in multi-tenant or large-organization AEM deployments where content authoring access is broadly distributed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48297 MEDIUM This Month

Stored Cross-Site Scripting in Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier enables an authenticated low-privileged attacker - such as a content editor - to persist malicious JavaScript payloads into vulnerable form fields. The injected script executes in the browser of any victim who subsequently browses to the affected page, with scope change (S:C) indicating the attack crosses from the author context into the victim's browser security context. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48280 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager (AEM) versions up to and including 6.5.24, LTS SP1, and 2026.04 allows a low-privileged authenticated attacker to execute arbitrary JavaScript in a victim's browser by manipulating the DOM environment through a crafted webpage. The CVSS scope change (S:C) indicates impact can extend beyond the vulnerable AEM component itself - for instance, to other browser-accessible resources or session contexts. No public exploit code or CISA KEV listing has been identified at time of analysis; exploitation requires deliberate social engineering to induce user interaction.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48271 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier allows a low-privileged authenticated attacker to inject and execute malicious JavaScript within a victim's browser by manipulating the client-side DOM environment. The CVSS scope change (S:C) is the critical risk amplifier here: injected script executes outside the originating component's security boundary, potentially enabling session hijacking, credential theft, or privilege escalation against higher-privileged AEM users such as administrators. This CVE is not listed in the CISA KEV catalog and no public exploit code has been identified at time of analysis.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48268 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, and 2026.04 and earlier allows a low-privileged, authenticated attacker to execute malicious JavaScript within a victim's browser by manipulating the DOM environment of a crafted webpage. The CVSS Scope:Changed indicator confirms this vulnerability crosses the security boundary from the AEM application into the victim's browser context, enabling session hijacking, credential theft, or unauthorized actions on behalf of the victim. No public exploit code or CISA KEV listing has been identified at time of analysis; however, Adobe has published advisory APSB26-56 acknowledging the issue.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48266 MEDIUM This Month

DOM-based XSS in Adobe Experience Manager (AEM) versions up to 6.5.24, LTS SP1, and 2026.04 allows an authenticated low-privileged attacker to inject malicious JavaScript that executes entirely within the victim's browser via client-side DOM manipulation. The changed scope (S:C) in the CVSS vector means successful exploitation can reach session tokens, cookies, or resources beyond the directly vulnerable AEM component - a meaningful risk amplifier in enterprise content authoring environments. Exploitation requires user interaction (UI:R), meaning the attacker must social-engineer a victim into visiting a crafted webpage. No public exploit identified at time of analysis, and CISA KEV listing has not been confirmed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48265 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager (AEM) versions up to and including 6.5.24, LTS SP1, and 2026.04 allows a low-privileged authenticated attacker to execute arbitrary JavaScript in a victim's browser by inducing them to visit a crafted webpage. The changed scope (S:C in the CVSS vector) indicates the injected script escapes the AEM application boundary and executes in the victim's browser context, enabling session hijacking, credential harvesting, or further client-side attacks. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-48264 MEDIUM This Month

DOM-based Cross-Site Scripting in Adobe Experience Manager (versions 6.5.24, LTS SP1, and 2026.04 and earlier) allows a low-privileged authenticated attacker to inject and execute malicious JavaScript in a victim's browser by manipulating client-side DOM sinks. The CVSS scope-changed flag (S:C) indicates the injected script can operate beyond the vulnerable component's security context, enabling session theft, credential harvesting, or unauthorized administrative actions against higher-privileged users within the same AEM instance. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but the cross-privilege escalation potential in shared AEM deployments warrants prompt patching.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 12 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy