Skip to main content
CVE-2026-42771 MEDIUM PATCH This Month

Out-of-bounds read in OpenSSL 4.0.0's `X509_VERIFY_PARAM_set1_email()` function can crash applications performing email-based X.509 certificate verification when processing attacker-influenced email input, resulting in a denial-of-service condition. The vulnerability is scoped to OpenSSL 4.0.0 only and was patched in the June 9, 2026 security release (4.0.1), which bundled fixes for 18 CVEs. No public exploit identified at time of analysis and no CISA KEV listing.

OpenSSL Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34691 MEDIUM This Month

Stored cross-site scripting in Adobe Experience Manager Forms JEE LTS SP1 and 6.5.24.0 and earlier allows remote unauthenticated attackers to inject malicious JavaScript into vulnerable form fields that executes in victims' browsers when they visit the affected page. The scope-changed CVSS 9.3 reflects that the injected script can pivot beyond the vulnerable component to compromise the victim's authenticated session or account. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

XSS Adobe
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-41846 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Spring Framework's MVC JSP form tags allows unauthenticated remote attackers to inject arbitrary HTML or JavaScript into rendered pages by supplying malicious values through the cssClass, cssErrorClass, or cssStyle tag attributes. Applications across four active Spring Framework release lines (5.3.x through 7.0.x) are affected when they pass user-controlled input directly into these tag attributes. No public exploit code has been identified at time of analysis, and CISA has not listed this CVE in the Known Exploited Vulnerabilities catalog, but the broad installed base of Spring MVC in enterprise Java environments and the high confidentiality impact (session hijacking, credential theft) warrant prompt patching.

XSS Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41845 MEDIUM PATCH This Month

Cross-site scripting in Spring Framework versions 5.3.0-5.3.48, 6.1.0-6.1.27, 6.2.0-6.2.18, and 7.0.0-7.0.7 allows remote attackers to inject JavaScript into victim browsers when applications rely on JavaScriptUtils.javaScriptEscape() for output encoding. The flaw stems from incomplete escaping in this utility method, and successful exploitation requires user interaction (UI:R) such as visiting a crafted page. No public exploit has been identified at time of analysis and the issue is not in CISA KEV.

XSS Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25688 MEDIUM This Month

Unsanitized rendering of AI-generated response content in Apache Answer through 2.0.0 enables cross-site scripting (XSS) execution in the browsers of any user viewing affected AI-generated answers. The vulnerability (CWE-87, Improper Neutralization of Alternate XSS Syntax) arises because the AI answer rendering pipeline passes output directly to the browser DOM without stripping or encoding malicious script constructs. No public exploit code has been identified at time of analysis, and CISA KEV listing has not been confirmed, but the critical severity designation and vendor-confirmed patch at 2.0.1 indicate this is a high-priority remediation target for all deployments using the AI answer feature.

XSS Apache
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-36725 MEDIUM This Month

Cross-site scripting via unsanitized markdown rendering in FastapiAdmin v2.2.0 allows unauthenticated remote attackers to inject arbitrary JavaScript or HTML through the notice_content parameter of the /system/notice/create endpoint. The Changed scope (S:C) in the CVSS vector confirms the injected script executes in a browser security context distinct from the vulnerable component itself, enabling session hijacking, credential theft, or defacement against any user who views the crafted notice. No confirmed active exploitation (CISA KEV) exists at time of analysis, though a researcher-published reference on GitHub likely documents a proof-of-concept payload.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41844 MEDIUM PATCH This Month

Open redirect in Spring Framework (Spring MVC and Spring WebFlux) across four major version branches enables unauthenticated remote attackers to craft URLs that cause the application to issue a 302 HTTP redirect to an arbitrary attacker-controlled external host. The vulnerability is conditionally exploitable - requiring a catch-all wildcard route mapping without an explicit view name - and demands user interaction to trigger. CVSS rates this 4.2 Medium (AV:N/AC:H/PR:N/UI:R); no public exploit code or CISA KEV listing has been identified at time of analysis.

Open Redirect Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41715 MEDIUM PATCH This Month

Credential leakage in the Reactor Netty HTTP client exposes authentication material when following redirects that cross security boundaries from HTTPS to HTTP. Affected are all four supported release lines: 1.0.x through 1.0.51, 1.1.x through 1.1.35, 1.2.x through 1.2.17, and 1.3.x through 1.3.5. An attacker who controls or can influence a redirect response can cause the client to transmit credentials over an unencrypted channel, where they may be intercepted. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Reactor Netty Red Hat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25699 MEDIUM This Month

Apache Answer's Timeline API endpoints through version 2.0.0 fail to enforce authorization, exposing deleted, private, and unapproved content - along with full revision histories - to any authenticated regular user. The vulnerability is an information disclosure flaw affecting all Apache Answer deployments (community forums, help centers, knowledge platforms) running 2.0.0 or earlier. No public exploit has been identified and no KEV listing exists; however, in community deployments where user accounts are freely self-registered, the authentication prerequisite provides limited real-world protection.

Authentication Bypass Apache
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-11603 MEDIUM This Month

Reflected Cross-Site Scripting in the Product Filter Widget for Elementor WordPress plugin (versions up to and including 1.0.6) enables unauthenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session. The vulnerability stems from unsanitized output of the 'args[filterFormArray]' parameter in a publicly accessible AJAX endpoint registered via wp_ajax_nopriv_ with no nonce verification or capability check, meaning any unauthenticated request to admin-ajax.php can carry the payload. Exploitation is delivered via a CSRF-style auto-submitting form, requiring the attacker to social-engineer a victim into visiting an attacker-controlled page; no public exploit code or CISA KEV listing has been identified at time of analysis.

PHP XSS CSRF WordPress Elementor
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-8910 MEDIUM This Month

Cross-Site Request Forgery combined with stored XSS in the WP Emoticon Rating WordPress plugin (all versions ≤ 1.0.1) allows unauthenticated remote attackers to persistently inject malicious scripts into site settings by tricking a logged-in administrator into clicking a crafted link. The CVSS Scope:Changed rating reflects that the injected payload executes beyond the admin context, potentially affecting all site visitors. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-8907 MEDIUM This Month

WP-Ultimate-Map plugin for WordPress (versions up to and including 1.1) is vulnerable to a chained CSRF-to-stored-XSS attack that allows unauthenticated network attackers to hijack plugin settings and inject persistent JavaScript into the WordPress admin panel. The missing nonce check on `process_init()` - hooked to `admin_init` - means any forged POST with a `save-setting` parameter will overwrite plugin options without any authentication or state validation. The injected `zoom-level` value is then stored unsanitized and reflected verbatim into an HTML attribute and inline JavaScript block on the settings page, completing the XSS chain. No public exploit identified at time of analysis.

CSRF WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-44746 MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver JAVA's JDBC Test Servlet enables unauthenticated remote attackers to craft malicious URLs that execute arbitrary JavaScript in a victim's browser upon interaction. The Changed Scope (S:C) in the CVSS vector indicates the injected script can affect browser context beyond the vulnerable origin, enabling session theft, credential harvesting, or unauthorized modification of webclient data. No public exploit code has been identified at time of analysis, and this vulnerability has not been listed in the CISA KEV catalog.

XSS SAP Java
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-45502 MEDIUM PATCH This Month

Server-side request forgery in Microsoft Exchange Server enables an authenticated low-privilege attacker to coerce the server into issuing outbound network requests to internal or external resources, resulting in information disclosure. Affected deployments span Exchange Server 2016 CU23, Exchange Server 2019 CU14 and CU15, and the current Subscription Edition - all at versions below their respective patched builds. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis, but the Changed scope in the CVSS vector indicates the server can reach resources beyond its own trust boundary, amplifying reconnaissance value for an already-authenticated adversary.

Microsoft SSRF Exchange Server Exchange Server Subscription Edition
NVD VulDB
CVSS 3.1
5.0
EPSS
0.1%
CVE-2026-28262 MEDIUM PATCH This Month

Link-following (symlink attack) in Dell iDRAC Tools versions prior to 11.4.1.0 allows a low-privileged local attacker to redirect file operations to unintended targets, resulting in unauthorized modification of files (high integrity impact) and potential availability disruption. Exploitation requires both low-level local access and user interaction, placing this in a constrained attack surface. No public exploit code and no CISA KEV listing have been identified at time of analysis, and no EPSS score was supplied in source data.

Information Disclosure Dell
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-42766 MEDIUM PATCH This Month

Null pointer dereference in OpenSSL's password-based CMS decryption path enables remote denial of service against applications that process CMS EnvelopedData with password-based key derivation. The flaw affects a wide range of OpenSSL branches spanning 1.0.2 through 4.0.0, making the exposure surface unusually broad across long-term support and current releases. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS score of 5.9 (Medium) reflects the high attack complexity required to trigger the condition.

Denial Of Service Null Pointer Dereference OpenSSL Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-42767 MEDIUM PATCH This Month

NULL pointer dereference in OpenSSL's CRMF EncryptedValue decryption path crashes the affected process, creating a remotely triggerable denial-of-service condition across five actively maintained OpenSSL branches (3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.x). The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, score 5.9) confirms network reachability with no authentication required, but high attack complexity limits trivial mass exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the broad version coverage and OpenSSL's ubiquitous deployment make patching a priority for any infrastructure using certificate management protocols.

Denial Of Service Null Pointer Dereference OpenSSL Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-41843 MEDIUM PATCH This Month

Path traversal in Spring Framework's static resource resolution exposes arbitrary server files to unauthenticated remote attackers across both Spring MVC and Spring WebFlux stacks. Four major release lines - 5.3.x, 6.1.x, 6.2.x, and 7.0.x - are affected, making this a broad-surface issue for the Java ecosystem. The CVSS vector confirms unauthenticated network access with high confidentiality impact, though the AC:H designation indicates non-trivial exploit conditions; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Path Traversal Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-41840 MEDIUM PATCH This Month

Denial of Service in Spring WebFlux's multipart request processing allows unauthenticated remote attackers to exhaust server resources across all supported Spring Framework branches. Affects Spring Framework 5.3.x through 7.0.x when applications use the reactive WebFlux stack and expose endpoints that accept multipart data. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the network-reachable, zero-privilege attack surface warrants prompt patching for internet-facing WebFlux deployments.

Denial Of Service Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-41710 MEDIUM PATCH This Month

Stateful retry cache exhaustion in Spring Retry 1.3.0-1.3.4 and 2.0.0-2.0.12 allows an unauthenticated remote attacker to permanently disable all retry and circuit breaker logic application-wide by flooding the service with uniquely crafted failure-triggering requests until the bounded cache is saturated. Once exhausted, the cache enters a terminal rejection state that persists until the application is restarted - making this a durable, high-impact denial-of-service condition against Java services relying on Spring Retry for resilience. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, but the network-accessible unauthenticated attack surface makes this relevant to any internet-facing Spring application using stateful retry patterns.

Denial Of Service Java Spring Retry
NVD HeroDevs VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-41841 MEDIUM PATCH This Month

Information disclosure in Spring Framework's static resource resolution affects Spring MVC and WebFlux applications across four active release lines (5.3.x, 6.1.x, 6.2.x, and 7.0.x). Unauthenticated remote attackers exploiting this flaw can access sensitive cached content served through the static resource handling pipeline, achieving high confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis, and the AC:H vector indicates exploitation requires specific conditions beyond default network access.

Information Disclosure Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-41973 MEDIUM This Month

Permission control bypass in Huawei HarmonyOS and EMUI's call-handling subsystem allows a locally present, unprivileged attacker to circumvent intended access restrictions, resulting in low-level impacts to confidentiality, integrity, and availability. The vulnerability stems from improper business logic governing permission enforcement (CWE-840), meaning the system fails to correctly validate whether a calling entity holds the required permissions before servicing a request. No public exploit code exists and the vulnerability has not been listed in the CISA Known Exploited Vulnerabilities catalog, but the low attack complexity and absence of privilege requirements lower the bar for local abuse.

Information Disclosure Emui
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-47240 MEDIUM PATCH GHSA This Month

CRLF command injection in Ruby's net-imap gem (CVE-2026-47240) enables attackers to inject arbitrary IMAP commands when applications pass unvalidated user-controlled input to raw data arguments of search, fetch, sort, and thread methods. Affected versions (>= 0.6.0 through 0.6.4, and <= 0.5.14) fail to verify that the connected IMAP server supports non-synchronizing literals before sending them, meaning servers without LITERAL+, LITERAL-, or IMAP4rev2 capability may interpret the malformed literal boundary as a pipelined command rather than closing the connection - allowing injected payloads such as DELETE mailbox to execute. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the advisory is rated moderate severity by the upstream maintainers and patches are available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.2%
CVE-2026-47242 MEDIUM PATCH GHSA This Month

Command injection in Ruby's net-imap gem allows arbitrary IMAP protocol command injection via the Net::IMAP#id and Net::IMAP#enable methods when untrusted input is passed as arguments. The #id method fails to prohibit CRLF sequences in ID field value strings (despite correctly quoting other specials), while #enable passes argument .to_s values verbatim without validating them as legal IMAP atoms. An attacker who can influence these inputs can terminate the current IMAP command and append arbitrary subsequent IMAP commands such as DELETE mailbox. Rated 'moderate' by the maintainer; no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-40639 MEDIUM PATCH This Month

Weak password encoding in Dell Client Platform BIOS (CWE-261) exposes BIOS credentials to recovery by a physically present unauthenticated attacker, enabling privilege escalation through unauthorized BIOS access. Affected hardware spans ruggedized Latitude field devices, Precision workstation towers and racks, and Edge/Embedded Gateway platforms - product categories frequently deployed in physically accessible or unattended environments. No public exploit code exists and no active exploitation has been identified at time of analysis, but the combination of credential recoverability and high-confidentiality/high-integrity CVSS impact makes patching a priority for organizations managing assets in low-physical-security locations.

Information Disclosure Dell Dell Edge Gateway 3000 Dell Edge Gateway 5000 Dell Embedded Pc 3000 +9
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-9212 MEDIUM PATCH This Month

Insufficient authentication (CWE-306) and input validation weaknesses across more than 25 NETGEAR router and mesh system models allow an adjacent-network attacker with low-level privileges to execute arbitrary commands and read sensitive configuration data, or alter certain device settings. The CVSS 4.0 vector confirms the attack is limited to adjacent network segments (AV:A) and requires low privileges (PR:L), with high confidentiality impact on both the vulnerable component and subsequent systems (VC:H, SC:H). No public exploit has been identified at time of analysis, and NETGEAR has self-reported the issue with patches available for all listed product lines.

Authentication Bypass Netgear Lbr1020 Lbr20 R6700Ax +22
NVD VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-48562 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated attacker with low-level network access to inject malicious scripts into SharePoint-generated web pages, resulting in spoofing attacks against other users. The vulnerability requires victim interaction to trigger script execution, limiting automated exploitation. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; the CVSS score of 4.6 reflects the constrained impact and authentication prerequisite.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47640 MEDIUM PATCH This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker to inject malicious scripts into SharePoint-generated web pages, enabling spoofing attacks against other authenticated users. Affected products span three active SharePoint server product lines - Enterprise Server 2016, Server 2019, and Subscription Edition - all sharing the 16.0.x codebase, with vendor-released patches now available per MSRC. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47638 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated low-privilege network attacker to inject malicious script content into SharePoint pages, enabling spoofing attacks against victim users who render the affected content. Three product lines are affected: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, all at specific 16.0.x build levels. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.6 Medium score reflects meaningful risk reduction from the dual prerequisites of authenticated access and required victim interaction.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-47637 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (Subscription Edition, 2019, and 2016) enables an authenticated low-privileged attacker to inject malicious scripts into web pages served to other users, resulting in spoofing over the network. The CVSS vector (PR:L/UI:R/S:U) confirms exploitation requires valid credentials and victim interaction, constraining the attack surface to authenticated SharePoint environments where a user can be induced to visit attacker-controlled content. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-45479 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker to perform spoofing attacks by injecting malicious script into web page content. Affected products include SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition across all builds below their respective patched versions. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; the CVSS score of 4.6 reflects the mandatory user interaction and constrained confidentiality/integrity impact.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-45462 MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint Server enables an authenticated network attacker to perform spoofing attacks against other users by injecting malicious script into web page output. Affected products span three SharePoint Server product lines - 2016 Enterprise, 2019, and Subscription Edition - all on build version 16.0.x below their respective patched thresholds. Microsoft has released patches across all affected branches; no public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-6899 MEDIUM PATCH This Month

Improper certificate revocation checking in S2OPC's CycloneCrypto wrapper permits OPC UA connections authenticated with revoked certificates. The library evaluates only the first Certificate Revocation List (CRL) matching a given CA and silently discards any additional valid CRLs issued by that same CA - meaning a certificate listed exclusively in a secondary CRL passes validation unchallenged. With CVSS 5.6 (AV:N/AC:H/PR:N/UI:N), all published versions of systerel/s2opc are affected per CPE. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure S2Opc
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-11618 MEDIUM This Month

Unauthenticated remote access to the Source Connection Test endpoint in DTStack Taier up to 1.4.0 is possible because the `preHandle` method in `LoginInterceptor.java` does not invoke `tokenService.decryption(token)`, allowing any network-reachable caller to bypass authentication entirely. The same patch commit reveals that `ConnFactory.getSimpleConn()` also lacked JDBC URL sanitization, meaning an unauthenticated attacker could supply dangerous parameters such as `autoDeserialize` or `allowLoadLocalInfile` to a malicious MySQL-compatible server, elevating the real-world impact well above the assigned CVSS 5.5 Medium rating. Publicly available exploit code exists (CVSS E:P confirmed); no CISA KEV listing is confirmed at time of analysis.

Authentication Bypass Java
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-45594 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure in the Windows Application Identity (AppID) Subsystem exposes sensitive data to locally authenticated, low-privileged attackers across a broad range of Windows 10, Windows 11, and Windows Server versions. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that exploitation requires only a local session with standard user privileges - no elevated rights or user interaction needed. No public exploit code or CISA KEV listing has been identified at time of analysis, but the wide affected surface spanning consumer and server SKUs makes patching a meaningful priority in multi-user or shared-system environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42972 MEDIUM PATCH Exploit Unlikely This Month

Local information disclosure in Windows Hyper-V enables an authenticated low-privileged attacker to access sensitive data they are not authorized to read, without any user interaction. Affected systems span a broad range of Windows desktop and server editions from Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis and no CISA KEV listing; however, the high confidentiality impact (C:H) and breadth of affected versions make this a meaningful patching priority, particularly in multi-tenant virtualization environments.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42906 MEDIUM PATCH Exploit Unlikely This Month

Windows Shell exposes sensitive information to locally authenticated, low-privileged attackers without requiring user interaction or elevated privileges. The vulnerability (CWE-200) results in high confidentiality impact, allowing disclosure of sensitive data accessible through the Shell component. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, though the Microsoft Security Response Center (MSRC) has acknowledged the issue via advisory.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-48566 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Desktop Window Manager (DWM) Core Library exposes sensitive memory contents to locally authenticated, low-privileged attackers on Windows 11 and Windows Server 2025. The flaw (CWE-125) allows a standard user to read beyond an allocated buffer boundary within the DWM process, resulting in high-confidence information disclosure with no integrity or availability impact. Microsoft has released patches covering all affected build ranges; no public exploit code has been identified at time of analysis.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45634 MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45606 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft's UxTheme Library (uxtheme.dll) enables a locally authenticated attacker to crash the affected Windows system, resulting in denial of service. The vulnerability spans a broad swath of Windows releases - from Server 2012 through Windows 11 26H1 and Windows Server 2025 - making patch surface management critical for enterprise environments. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45604 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Application Identity (AppID) Subsystem exposes sensitive kernel or process memory to a local authenticated attacker without requiring elevated privileges or user interaction. Affected builds span Windows 11 versions 23H2 through 26H1 and Windows Server 2025, including Server Core installations. No public exploit code has been identified at time of analysis and this CVE does not appear in the CISA KEV catalog, though the high confidentiality impact (CVSS C:H) indicates meaningful data exposure potential when triggered.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44814 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44805 MEDIUM PATCH This Month

Use-after-free in the Windows Network Controller (NC) Host Agent enables a locally authenticated attacker to crash the service, resulting in a denial of service on affected Windows Server deployments. The vulnerability carries a CVSS score of 5.5 (Medium) with local attack vector and low-privilege requirements, limiting its blast radius to service availability - confidentiality and integrity are unaffected. No public exploit code exists and CISA KEV listing is absent at time of analysis, though a vendor patch from Microsoft is available and should be prioritized on Windows Server deployments leveraging Software Defined Networking.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42968 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-47924 MEDIUM This Month

Use After Free memory disclosure in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 (and earlier) exposes sensitive process memory contents when a victim opens a specially crafted malicious file. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack is local, requires no privileges, but mandates user interaction - the victim must manually open the attacker-supplied document. Impact is limited to confidentiality (C:H), with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Adobe Use After Free Memory Corruption Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34657 MEDIUM This Month

Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Path Traversal Cai Content Credentials
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47923 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier exposes sensitive memory contents to an attacker who can deliver a malicious PDF to a victim. The CVSS vector (AV:L/AC:L/PR:N/UI:R) confirms low complexity with no privilege prerequisite, but requires local file execution - the victim must open the crafted document. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information disclosure risk with no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47926 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier enables sensitive memory disclosure when a victim opens a specially crafted file. The vulnerability (CWE-125) exposes potentially high-value in-memory data - including heap addresses or document contents - but cannot be leveraged for code execution or system modification based on available data. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, though the vendor-confirmed advisory (APSB26-63) establishes this as a real, patched issue.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47961 MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader exposes sensitive process memory when a victim opens a specially crafted PDF file. Affected versions include 24.001.30365, 26.001.21651, and all earlier releases across both tracks. The vulnerability carries a high confidentiality impact (C:H) with no integrity or availability consequence, making it a targeted information disclosure primitive rather than a code execution path. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47925 MEDIUM This Month

Integer overflow in Adobe Acrobat Reader triggers an application crash when processing a specially crafted file, resulting in a denial-of-service condition. Versions 24.001.30365 and 26.001.21651 and earlier are confirmed affected per Adobe advisory APSB26-63. Impact is limited to availability - no confidentiality or integrity compromise is possible - and no public exploit or active exploitation has been identified at time of analysis.

Denial Of Service Adobe Integer Overflow Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy