Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692; Critical: 727; High: 3080; Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27308 | LOW | 2.4 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit … | Apr 14, 2026 |
| CVE-2026-27307 | LOW | 2.4 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit … | Apr 14, 2026 |
| CVE-2026-27306 | HIGH | 8.4 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27305 | HIGH | 8.6 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead … | Apr 14, 2026 |
| CVE-2026-27304 | CRITICAL | 9.3 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27282 | HIGH | 7.5 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could … | Apr 14, 2026 |
| CVE-2025-15565 | MEDIUM | 5.3 | The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions … | Apr 14, 2026 |
| CVE-2026-34161 | UNKNOWN | — | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment … | Apr 14, 2026 |
| CVE-2026-34160 | HIGH | 8.6 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible … | Apr 14, 2026 |
| CVE-2026-33715 | HIGH | 7.2 | Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other … | Apr 14, 2026 |
| CVE-2026-33714 | UNKNOWN | — | Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix … | Apr 14, 2026 |
| CVE-2026-27287 | HIGH | 7.8 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past … | Apr 14, 2026 |
| CVE-2026-25133 | UNKNOWN | — | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the … | Apr 14, 2026 |
| CVE-2026-25125 | MEDIUM | 4.9 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI … | Apr 14, 2026 |
| CVE-2026-24893 | HIGH | 8.8 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that … | Apr 14, 2026 |
| CVE-2026-40683 | HIGH | 7.7 | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is … | Apr 14, 2026 |
| CVE-2026-34630 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-34618 | HIGH | 7.8 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the … | Apr 14, 2026 |
| CVE-2026-27313 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27312 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27311 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27310 | HIGH | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27289 | HIGH | 7.8 | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past … | Apr 14, 2026 |
| CVE-2026-27222 | MEDIUM | 5.5 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this … | Apr 14, 2026 |
| CVE-2026-34625 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |