Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27300 | MEDIUM | 5.5 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage … | Apr 14, 2026 |
| CVE-2026-27299 | MEDIUM | 6.3 | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could … | Apr 14, 2026 |
| CVE-2026-27298 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code … | Apr 14, 2026 |
| CVE-2026-27297 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-27296 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-27295 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the … | Apr 14, 2026 |
| CVE-2026-27294 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past … | Apr 14, 2026 |
| CVE-2026-27293 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27292 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27290 | HIGH | 8.6 | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context … | Apr 14, 2026 |
| CVE-2026-40291 | HIGH | 8.8 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/{id} endpoint allows … | Apr 14, 2026 |
| CVE-2026-39907 | UNKNOWN | — | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the … | Apr 14, 2026 |
| CVE-2026-39906 | UNKNOWN | — | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes … | Apr 14, 2026 |
| CVE-2026-35196 | HIGH | 8.8 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the … | Apr 14, 2026 |
| CVE-2026-34631 | HIGH | 7.8 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the … | Apr 14, 2026 |
| CVE-2026-34619 | HIGH | 7.7 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result … | Apr 14, 2026 |
| CVE-2026-34602 | HIGH | 7.1 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing … | Apr 14, 2026 |
| CVE-2026-34370 | MEDIUM | 6.5 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that … | Apr 14, 2026 |
| CVE-2026-34213 | MEDIUM | 5.4 | Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated … | Apr 14, 2026 |
| CVE-2026-34212 | MEDIUM | 5.4 | Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user … | Apr 14, 2026 |
| CVE-2026-33193 | MEDIUM | 4.6 | Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling … | Apr 14, 2026 |
| CVE-2026-33146 | MEDIUM | 4.3 | Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets … | Apr 14, 2026 |
| CVE-2026-33020 | HIGH | 7.1 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow … | Apr 14, 2026 |
| CVE-2026-33019 | HIGH | 7.1 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in … | Apr 14, 2026 |
| CVE-2026-33018 | HIGH | 7.0 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where … | Apr 14, 2026 |