Threat Intelligence Feed

Aggregating 4607 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-9754 An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted is
HIGH · CVE-2026-9753 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed
MED · CVE-2026-9752 An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSO
MED · CVE-2026-9751 The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mon
MED · CVE-2026-9750 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfe
MED · CVE-2026-9749 This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-ran
MED · CVE-2026-9748 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index st
MED · CVE-2026-9747 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
MED · CVE-2026-9746 When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which
MED · CVE-2026-9743 In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines
HIGH · CVE-2026-9742 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of th
MED · CVE-2026-9741 A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side F
HIGH · CVE-2026-9740 A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by
MED · CVE-2026-9735 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. W
MED · CVE-2026-46433 lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips
HIGH · CVE-2026-46374 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
HIGH · CVE-2026-46373 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
CVE-2026-44963 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2026-10238 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MED · CVE-2026-47905 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47904 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47903 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
MED · CVE-2026-47902 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34713 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34712 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
HIGH · CVE-2026-34711 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparo
MED · CVE-2026-34657 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pa
MED · CVE-2026-34417 OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbit
MED · CVE-2026-25860 OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that al
CRIT · CVE-2026-48303 Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerabil
HIGH · CVE-2026-48292 Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
HIGH · CVE-2026-48291 Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
MED · CVE-2026-47961 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that
HIGH · CVE-2026-47960 ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference
HIGH · CVE-2026-47959 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerabili
HIGH · CVE-2026-47955 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could
HIGH · CVE-2026-47952 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerabilit
CRIT · CVE-2026-47938 Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF)
HIGH · CVE-2026-47937 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulne
MED · CVE-2026-47933 ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that c
1931 General 589 Vulnerability Disclosure 562 CVE 355 Campaigns 246 Data Breach 228 Malware

Trending Vendors

Latest News

Data Breaches