Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-48815 — sigstore-js: `certificateOIDs` verification constraints are silently dropped and never en…

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarde…

sigstore | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.7 HIGH
CVE-2026-48801 — linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containin…

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.4 MEDIUM
CVE-2026-48758 — sigstore-js: DSSE payloadType type-binding failure

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE st…

Remote | Cryptography
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-48370 — Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…

media_encoder | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48369 — Premiere Pro | Out-of-bounds Write (CWE-787)

Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction…

premiere | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48367 — After Effects | Out-of-bounds Write (CWE-787)

After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…

after_effects | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48366 — Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…

media_encoder | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48344 — GoCart | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depen…

| Race Condition
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48343 — Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th…

bridge | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48342 — Bridge | Integer Overflow or Wraparound (CWE-190)

Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…

bridge | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48341 — Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th…

bridge | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48340 — Bridge | Untrusted Pointer Dereference (CWE-822)

Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…

bridge | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48339 — Bridge | Heap-based Buffer Overflow (CWE-122)

Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction…

bridge | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.8 MEDIUM
CVE-2026-48338 — ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal…

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this…

| Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.7 HIGH
CVE-2026-48332 — ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass secu…

Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
2.7 LOW
CVE-2026-48329 — ColdFusion | Insufficient Session Expiration (CWE-613)

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass secur…

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.7 HIGH
CVE-2026-48328 — ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security mea…

Remote | Authentication
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.0 CRITICAL
CVE-2026-48327 — ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user i…

| Authorization
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
9.3 CRITICAL
CVE-2026-48325 — ColdFusion | Missing Authentication for Critical Function (CWE-306)

ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue doe…

| Authentication
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
9.1 CRITICAL
CVE-2026-48324 — ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Inj…

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the cur…

Remote | Injection
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
Showing 20 of 8379 Results