Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

windows

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

6

CISA CVEs -

0

NVD CVEs -

9919
Related CVEsRelated VendorsRelated AssignersReports
9925Vulnerabilities found

CVE-2026-40952
Assigner-Absolute Software
ShareView Details
Assigner-Absolute Software
CVSS Score-8.5||HIGH
EPSS-0.09% / 0.73%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 19:32
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilge misconfiguration in Secure Access installers

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location.

Action-Not Available
Vendor-Absolute Software CorporationMicrosoft Corporation
Product-secure_accesswindowsSecure Access
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2026-48295
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.17%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-48290
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.2||HIGH
EPSS-0.18% / 7.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-48357
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:33
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-48296
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-48287
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.4||HIGH
EPSS-0.14% / 3.65%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-48312
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48351
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48302
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48354
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-48298
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 4.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-48352
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48353
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 5.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:32
Updated-16 Jul, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.Linux Kernel Organization, IncGoogle LLC
Product-macosiphone_oslinux_kernelc2pa-webc2patoolc2pawindowsandroidContent Credentials Command-Line ToolContent Credentials JS SDKContent Credentials Rust SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48336
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48335
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48337
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48334
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 34.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Improper Input Validation (CWE-20)

Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-20
Improper Input Validation
CVE-2026-48275
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.6||HIGH
EPSS-0.16% / 5.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:16
Updated-16 Jul, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Untrusted Search Path (CWE-426)

Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-illustratorwindowsIllustrator Desktop 2025Illustrator Desktop 2026
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-48340
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Untrusted Pointer Dereference (CWE-822)

Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2026-48343
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.47%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48339
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.51%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Heap-based Buffer Overflow (CWE-122)

Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-48311
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.47%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48342
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Integer Overflow or Wraparound (CWE-190)

Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-48341
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:35
Updated-16 Jul, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-bridgewindowsmacosAdobe Bridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48272
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.13% / 3.07%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:21
Updated-17 Jul, 2026 | 03:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Creative Cloud Desktop | Uncontrolled Search Path Element (CWE-427)

Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-creative_cloud_desktop_applicationwindowsCreative Cloud Desktop
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-48344
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.22%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:21
Updated-17 Jul, 2026 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoCart | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-creative_cloud_desktop_applicationwindowsCreative Cloud Desktop
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-15773
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.25% / 16.46%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:09
Updated-15 Jul, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-416
Use After Free
CVE-2026-15771
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 19.33%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:09
Updated-15 Jul, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-15767
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.31% / 23.11%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:09
Updated-15 Jul, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-48346
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.9||HIGH
EPSS-0.19% / 8.41%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Untrusted Search Path (CWE-426)

Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-48345
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.2||HIGH
EPSS-0.73% / 50.29%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-48347
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.7||HIGH
EPSS-0.56% / 42.81%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-48349
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.1||HIGH
EPSS-0.19% / 9.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Incorrect Authorization (CWE-863)

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-48348
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.7||HIGH
EPSS-0.17% / 6.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Incorrect Authorization (CWE-863)

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-48350
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-8.6||HIGH
EPSS-0.19% / 9.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:53
Updated-16 Jul, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to access sensitive files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-animatewindowsmacosAdobe Animate 2023Adobe Animate 2024
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-47967
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-auditionwindowsmacosAudition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48309
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.16%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-auditionwindowsmacosAudition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-47969
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 9.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Read (CWE-125)

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-auditionwindowsmacosAudition
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-48365
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-auditionwindowsmacosAudition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-47968
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-auditionwindowsmacosAudition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48368
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:48
Updated-15 Jul, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-auditionwindowsmacosAudition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-59841
Assigner-Fortinet, Inc.
ShareView Details
Assigner-Fortinet, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.15% / 4.39%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 15:15
Updated-15 Jul, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortiSIEMWindowsAgent
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2026-57211
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.73%
||
7 Day CHG+0.13%
Published-10 Jul, 2026 | 20:16
Updated-13 Jul, 2026 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RabbitMQ: UNC SSRF affecting the management UI on Windows

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled, causing outbound DNS and SMB requests to attacker-controlled UNC paths. This issue is fixed in versions 4.1.11 and 4.2.6.

Action-Not Available
Vendor-rabbitmqBroadcom Inc.Microsoft Corporation
Product-rabbitmq_serverwindowsrabbitmq-server
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-0278
Assigner-Palo Alto Networks, Inc.
ShareView Details
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.15% / 5.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 19:12
Updated-16 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Microsoft Corporation
Product-prisma_access_agentwindowsPrisma Access Agent
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-15122
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.19% / 8.76%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:36
Updated-10 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-15120
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.18% / 7.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:36
Updated-10 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-416
Use After Free
CVE-2026-13126
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-7.8||HIGH
EPSS-0.12% / 1.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 07:36
Updated-09 Jul, 2026 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerwindowspdf_editorFoxit PDF EditorFoxit PDF Reader
CWE ID-CWE-416
Use After Free
CVE-2026-13127
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-7.8||HIGH
EPSS-0.12% / 1.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 07:36
Updated-09 Jul, 2026 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerwindowspdf_editorFoxit PDF EditorFoxit PDF Reader
CWE ID-CWE-416
Use After Free
CVE-2026-13128
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-7.8||HIGH
EPSS-0.12% / 1.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 07:36
Updated-09 Jul, 2026 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerwindowspdf_editorFoxit PDF EditorFoxit PDF Reader
CWE ID-CWE-416
Use After Free
CVE-2026-57239
Assigner-14984358-7092-470d-8f34-ade47a7658a2
ShareView Details
Assigner-14984358-7092-470d-8f34-ade47a7658a2
CVSS Score-8.2||HIGH
EPSS-0.11% / 1.83%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 07:36
Updated-09 Jul, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor/Reader Local Privilege Escalation

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Foxit Software Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerwindowspdf_editorFoxit PDF EditorFoxit PDF Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 198
  • 199
  • Next