CVE-2026-48858 - Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=in... read CVE-2026-48858
Published: June 10, 2026; 12:17:11 PM -0400

V3.1: 6.5 MEDIUM

CVE-2026-42907 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Published: June 09, 2026; 1:17:10 PM -0400

V3.1: 6.5 MEDIUM

CVE-2026-47906 - Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user... read CVE-2026-47906
Published: June 09, 2026; 4:16:59 PM -0400

V3.1: 8.6 HIGH

CVE-2026-47907 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th... read CVE-2026-47907
Published: June 09, 2026; 4:16:59 PM -0400

V3.1: 6.3 MEDIUM

CVE-2026-47908 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i... read CVE-2026-47908
Published: June 09, 2026; 4:16:59 PM -0400

V3.1: 7.8 HIGH

CVE-2026-47909 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside ... read CVE-2026-47909
Published: June 09, 2026; 4:17:00 PM -0400

V3.1: 6.3 MEDIUM

CVE-2026-47910 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th... read CVE-2026-47910
Published: June 09, 2026; 4:17:00 PM -0400

V3.1: 6.3 MEDIUM

CVE-2026-47911 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact... read CVE-2026-47911
Published: June 09, 2026; 5:17:20 PM -0400

V3.1: 7.8 HIGH

CVE-2026-47912 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in... read CVE-2026-47912
Published: June 09, 2026; 5:17:20 PM -0400

V3.1: 7.8 HIGH

CVE-2026-10143 - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In s... read CVE-2026-10143
Published: June 10, 2026; 6:16:55 PM -0400

V3.1: 7.5 HIGH

CVE-2026-10142 - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value wit... read CVE-2026-10142
Published: June 10, 2026; 6:16:55 PM -0400

V3.1: 7.5 HIGH

CVE-2026-47913 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in... read CVE-2026-47913
Published: June 09, 2026; 5:17:21 PM -0400

V3.1: 7.8 HIGH

CVE-2026-47914 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in... read CVE-2026-47914
Published: June 09, 2026; 5:17:21 PM -0400

V3.1: 7.8 HIGH

CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published: June 09, 2026; 1:17:04 PM -0400

V3.1: 6.1 MEDIUM

CVE-2026-34692 - Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w... read CVE-2026-34692
Published: June 09, 2026; 1:17:05 PM -0400

V3.1: 5.4 MEDIUM

CVE-2026-40376 - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Published: June 09, 2026; 1:17:06 PM -0400

V3.1: 8.1 HIGH

CVE-2026-44805 - Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
Published: June 09, 2026; 1:17:16 PM -0400

V3.1: 5.5 MEDIUM

CVE-2026-45648 - Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
Published: June 09, 2026; 1:17:31 PM -0400

V3.1: 8.8 HIGH

CVE-2026-42567 - Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in... read CVE-2026-42567
Published: June 09, 2026; 1:17:07 PM -0400

V3.1: 7.5 HIGH

CVE-2026-45653 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: June 09, 2026; 1:17:32 PM -0400

V3.1: 7.0 HIGH