Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34624 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-34623 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating … | Apr 14, 2026 |
| CVE-2026-5756 | UNKNOWN | — | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data … | Apr 14, 2026 |
| CVE-2026-5754 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized … | Apr 14, 2026 |
| CVE-2026-5752 | CRITICAL | 9.3 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. | Apr 14, 2026 |
| CVE-2026-34629 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-34628 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-34627 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-34617 | HIGH | 8.7 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could … | Apr 14, 2026 |
| CVE-2026-34615 | CRITICAL | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-34614 | MEDIUM | 6.1 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-33829 | MEDIUM | 4.3 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-33827 | HIGH | 8.1 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33826 | HIGH | 8.0 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | Apr 14, 2026 |
| CVE-2026-33825 | HIGH | 7.8 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33824 | CRITICAL | 9.8 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33822 | MEDIUM | 6.1 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33120 | HIGH | 8.8 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33116 | HIGH | 7.5 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-33115 | HIGH | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33114 | HIGH | 8.4 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33104 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33103 | MEDIUM | 5.5 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33101 | HIGH | 7.8 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33100 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |