Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23657 | HIGH | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-23653 | MEDIUM | 5.7 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information … | Apr 14, 2026 |
| CVE-2026-21331 | MEDIUM | 6.1 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim … | Apr 14, 2026 |
| CVE-2026-20945 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-20930 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-20928 | MEDIUM | 4.6 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a … | Apr 14, 2026 |
| CVE-2026-20806 | MEDIUM | 5.5 | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-0390 | MEDIUM | 6.7 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | Apr 14, 2026 |
| CVE-2026-0209 | UNKNOWN | — | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | Apr 14, 2026 |
| CVE-2026-0207 | UNKNOWN | — | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | Apr 14, 2026 |
| CVE-2025-70023 | UNKNOWN | — | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | Apr 14, 2026 |
| CVE-2026-34626 | MEDIUM | 6.3 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result … | Apr 14, 2026 |
| CVE-2026-34622 | HIGH | 8.6 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result … | Apr 14, 2026 |
| CVE-2026-27291 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | Apr 14, 2026 |
| CVE-2026-27286 | MEDIUM | 5.5 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage … | Apr 14, 2026 |
| CVE-2026-27285 | MEDIUM | 5.5 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit … | Apr 14, 2026 |
| CVE-2026-27284 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read … | Apr 14, 2026 |
| CVE-2026-27283 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-27238 | HIGH | 7.8 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | Apr 14, 2026 |
| CVE-2026-22692 | MEDIUM | 4.9 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in … | Apr 14, 2026 |
| CVE-2026-5713 | UNKNOWN | — | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read … | Apr 14, 2026 |
| CVE-2026-4832 | UNKNOWN | — | CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the … | Apr 14, 2026 |
| CVE-2026-39815 | HIGH | 8.8 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute … | Apr 14, 2026 |
| CVE-2026-39814 | MEDIUM | 6.7 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 … | Apr 14, 2026 |
| CVE-2026-39813 | CRITICAL | 9.8 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack … | Apr 14, 2026 |