Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12686
Total
851
Critical
3660
High
3983
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34628 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-34627 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-34617 | HIGH | 8.7 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could … | Apr 14, 2026 |
| CVE-2026-34615 | CRITICAL | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-34614 | MEDIUM | 6.1 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-33829 | MEDIUM | 4.3 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-33827 | HIGH | 8.1 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33826 | HIGH | 8.0 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | Apr 14, 2026 |
| CVE-2026-33825 | HIGH | 7.8 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33824 | CRITICAL | 9.8 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33822 | MEDIUM | 6.1 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33120 | HIGH | 8.8 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33116 | HIGH | 7.5 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-33115 | HIGH | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33114 | HIGH | 8.4 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33104 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33103 | MEDIUM | 5.5 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33101 | HIGH | 7.8 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33100 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33099 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33098 | HIGH | 7.8 | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33096 | HIGH | 7.5 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-33095 | HIGH | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-32226 | MEDIUM | 5.9 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-32225 | HIGH | 8.8 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | Apr 14, 2026 |