CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-20951 Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20952 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2025-68967 Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-20955 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20956 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20957 Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20958 Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-20959 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-21308 Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sen... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20962 Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-20965 Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | 7.5 | HIGH | β | 0 |
| CVE-2026-21221 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | β | 0 |
| CVE-2026-21224 Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21265 Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-68271 OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vu... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-68949 n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook nodeβs IP whitelist validation performed partial string matching instead of exact IP comparison. As a resul... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-21267 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary c... | 8.6 | HIGH | β | 0 |
| CVE-2026-21268 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation ... | 8.6 | HIGH | β | 0 |
| CVE-2026-21271 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation ... | 8.6 | HIGH | β | 0 |
| CVE-2026-21272 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability t... | 8.6 | HIGH | β | 0 |
| CVE-2026-21274 Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker cou... | 7.8 | HIGH | β | 0 |
| CVE-2026-21275 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Ex... | 7.8 | HIGH | β | 0 |
| CVE-2026-21276 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Ex... | 7.8 | HIGH | β | 0 |
| CVE-2026-21277 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-21278 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21280 Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the applicatio... | 8.6 | HIGH | β | 0 |
| CVE-2026-22814 @adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can... | N/A | NONE | β | 0 |
| CVE-2026-21281 InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | β | 0 |
| CVE-2026-21283 Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | β | 0 |
| CVE-2026-21288 Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21304 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-21287 Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | β | 0 |
| CVE-2026-21305 Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of... | 7.8 | HIGH | β | 0 |
| CVE-2025-15056 A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3. | N/A | NONE | β | 0 |
| CVE-2026-21303 Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sens... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22861 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is... | 8.8 | HIGH | β | 0 |
| CVE-2025-68947 NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL reque... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-50693 Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploi... | 8.4 | HIGH | β | 0 |
| CVE-2022-50805 Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability b... | 8.2 | HIGH | β | 0 |
| CVE-2022-50807 Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. | N/A | NONE | β | 0 |
| CVE-2022-50808 CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicio... | 8.4 | HIGH | β | 0 |
| CVE-2022-50896 Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded paylo... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-50902 Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquot... | 8.4 | HIGH | β | 0 |
| CVE-2022-50904 Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo... | 8.4 | HIGH | β | 0 |
| CVE-2022-50906 e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can... | 4.8 | MEDIUM | β | 0 |
| CVE-2022-50907 e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files... | 7.2 | HIGH | β | 0 |
| CVE-2022-50908 Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to e... | 7.2 | HIGH | β | 0 |
| CVE-2022-50909 Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit th... | 8.8 | HIGH | β | 0 |
| CVE-2022-50911 Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. | N/A | NONE | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.