The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-55947 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: July 14, 2026; 2:18:22 PM -0400 -
CVE-2026-55949 - Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: July 14, 2026; 2:18:22 PM -0400 -
CVE-2026-56156 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: July 14, 2026; 2:18:22 PM -0400 -
CVE-2026-41681 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past it... read CVE-2026-41681
Published: April 24, 2026; 2:16:29 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-41676 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to ho... read CVE-2026-41676
Published: April 24, 2026; 2:16:29 PM -0400V3.1: 7.5 HIGH
-
CVE-2026-41898 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_coo... read CVE-2026-41898
Published: April 24, 2026; 2:16:29 PM -0400V3.1: 5.3 MEDIUM
-
CVE-2026-44172 - MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and... read CVE-2026-44172
Published: June 12, 2026; 2:16:34 PM -0400V3.1: 9.1 CRITICAL
-
CVE-2026-47984 - Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitat... read CVE-2026-47984
Published: July 14, 2026; 4:17:04 PM -0400V3.1: 9.1 CRITICAL
-
CVE-2026-45756 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg... read CVE-2026-45756
Published: July 14, 2026; 2:17:17 PM -0400V3.1: 7.5 HIGH
-
CVE-2026-45077 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by defau... read CVE-2026-45077
Published: July 14, 2026; 2:17:17 PM -0400V3.1: 8.6 HIGH
-
CVE-2026-47988 - Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitat... read CVE-2026-47988
Published: July 14, 2026; 4:17:04 PM -0400V3.1: 9.1 CRITICAL
-
CVE-2026-45074 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which reflects an attacker-con... read CVE-2026-45074
Published: July 14, 2026; 2:17:16 PM -0400V3.1: 8.1 HIGH
-
CVE-2026-55135 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published: July 14, 2026; 2:18:20 PM -0400V3.1: 5.4 MEDIUM
-
CVE-2026-47992 - Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could ... read CVE-2026-47992
Published: July 14, 2026; 4:17:04 PM -0400 -
CVE-2026-47994 - Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser w... read CVE-2026-47994
Published: July 14, 2026; 4:17:04 PM -0400V3.1: 5.4 MEDIUM
-
CVE-2026-12390 - In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
Published: June 18, 2026; 3:16:22 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-21404 - NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transf... read CVE-2026-21404
Published: June 04, 2026; 4:16:57 PM -0400 -
CVE-2026-58277 - Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Published: July 14, 2026; 2:18:36 PM -0400 -
CVE-2026-56157 - Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published: July 14, 2026; 2:18:22 PM -0400 -
CVE-2026-55034 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published: July 14, 2026; 2:18:14 PM -0400V3.1: 8.7 HIGH