Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12747 | Critical: 852 | High: 3670 | Medium: 3998
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-25184 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-24907 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-24906 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-23670 | MEDIUM | 5.7 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-23666 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-23657 | HIGH | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-23653 | MEDIUM | 5.7 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information … | Apr 14, 2026 |
| CVE-2026-21331 | MEDIUM | 6.1 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-20945 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-20930 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-20928 | MEDIUM | 4.6 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a … | Apr 14, 2026 |
| CVE-2026-20806 | MEDIUM | 5.5 | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-0390 | MEDIUM | 6.7 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-0209 | UNKNOWN | — | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | Apr 14, 2026 |
| CVE-2026-0207 | UNKNOWN | — | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | Apr 14, 2026 |
| CVE-2025-70023 | UNKNOWN | — | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | Apr 14, 2026 |
| CVE-2026-34626 | MEDIUM | 6.3 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result … | Apr 14, 2026 |
| CVE-2026-34622 | HIGH | 8.6 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result … | Apr 14, 2026 |
| CVE-2026-27291 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27286 | MEDIUM | 5.5 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage … | Apr 14, 2026 |
| CVE-2026-27285 | MEDIUM | 5.5 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit … | Apr 14, 2026 |
| CVE-2026-27284 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read … | Apr 14, 2026 |
| CVE-2026-27283 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-27238 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-22692 | MEDIUM | 4.9 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in … | Apr 14, 2026 |