Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12686
Total
851
Critical
3660
High
3983
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-15565 | MEDIUM | 5.3 | The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions … | Apr 14, 2026 |
| CVE-2026-34161 | UNKNOWN | — | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment … | Apr 14, 2026 |
| CVE-2026-34160 | HIGH | 8.6 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible … | Apr 14, 2026 |
| CVE-2026-33715 | HIGH | 7.2 | Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other … | Apr 14, 2026 |
| CVE-2026-33714 | UNKNOWN | — | Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix … | Apr 14, 2026 |
| CVE-2026-27287 | HIGH | 7.8 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past … | Apr 14, 2026 |
| CVE-2026-25133 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-25125 | MEDIUM | 4.9 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI … | Apr 14, 2026 |
| CVE-2026-24893 | HIGH | 8.8 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that … | Apr 14, 2026 |
| CVE-2026-40683 | HIGH | 7.7 | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is … | Apr 14, 2026 |
| CVE-2026-34630 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-34618 | HIGH | 7.8 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the … | Apr 14, 2026 |
| CVE-2026-27313 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27312 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27311 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27310 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27289 | HIGH | 7.8 | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past … | Apr 14, 2026 |
| CVE-2026-27222 | MEDIUM | 5.5 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this … | Apr 14, 2026 |
| CVE-2026-34625 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-34624 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-34623 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-5756 | UNKNOWN | — | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data … | Apr 14, 2026 |
| CVE-2026-5754 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized … | Apr 14, 2026 |
| CVE-2026-5752 | CRITICAL | 9.3 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. | Apr 14, 2026 |
| CVE-2026-34629 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |