🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4345 | High | 7.1 |
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripti…
|
— | Apr 14, 2026 |
| CVE-2026-34256 | High | 7.1 |
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacke…
|
— | Apr 14, 2026 |
| CVE-2026-4369 | High | 7.1 |
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and…
|
— | Apr 14, 2026 |
| CVE-2026-4344 | High | 7.1 |
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked…
|
— | Apr 14, 2026 |
| CVE-2026-32080 | High | 7.0 |
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-32224 | High | 7.0 |
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-32195 | High | 7.0 |
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |
| CVE-2026-37980 | Medium | 6.9 |
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-real…
|
— | Apr 14, 2026 |
| CVE-2026-32223 | Medium | 6.8 |
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a phys…
|
— | Apr 14, 2026 |
| CVE-2026-32167 | Medium | 6.7 |
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized …
|
— | Apr 14, 2026 |
| CVE-2026-0390 | Medium | 6.7 |
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a sec…
|
— | Apr 14, 2026 |
| CVE-2026-32176 | Medium | 6.7 |
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized …
|
— | Apr 14, 2026 |
| CVE-2026-32201 | Medium | 6.5 |
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a netw…
|
— | Apr 14, 2026 |
| CVE-2026-2582 | Medium | 6.5 |
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_hold…
|
— | Apr 14, 2026 |
| CVE-2026-34261 | Medium | 6.5 |
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could m…
|
— | Apr 14, 2026 |
| CVE-2026-27679 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker…
|
— | Apr 14, 2026 |
| CVE-2026-32151 | Medium | 6.5 |
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose in…
|
— | Apr 14, 2026 |
| CVE-2026-27677 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could upd…
|
— | Apr 14, 2026 |
| CVE-2026-27678 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker …
|
— | Apr 14, 2026 |
| CVE-2026-26155 | Medium | 6.5 |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
|
— | Apr 14, 2026 |