🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-27296 | High | 7.8 |
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability tha…
|
— | Apr 14, 2026 |
| CVE-2026-34619 | High | 7.7 |
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Dir…
|
— | Apr 14, 2026 |
| CVE-2026-27913 | High | 7.7 |
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
|
— | Apr 14, 2026 |
| CVE-2026-26154 | High | 7.5 |
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a n…
|
— | Apr 14, 2026 |
| CVE-2026-32203 | High | 7.5 |
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
|
— | Apr 14, 2026 |
| CVE-2026-26171 | High | 7.5 |
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
|
— | Apr 14, 2026 |
| CVE-2026-27282 | High | 7.5 |
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could re…
|
— | Apr 14, 2026 |
| CVE-2026-32178 | High | 7.5 |
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
|
— | Apr 14, 2026 |
| CVE-2026-4352 | High | 7.5 |
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endp…
|
— | Apr 14, 2026 |
| CVE-2026-24032 | High | 7.3 |
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains a…
|
— | Apr 14, 2026 |
| CVE-2026-4388 | High | 7.2 |
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box…
|
— | Apr 14, 2026 |
| CVE-2026-3017 | High | 7.2 |
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to P…
|
— | Apr 14, 2026 |
| CVE-2026-6227 | High | 7.2 |
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/…
|
— | Apr 14, 2026 |
| CVE-2026-4345 | High | 7.1 |
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripti…
|
— | Apr 14, 2026 |
| CVE-2026-4369 | High | 7.1 |
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and…
|
— | Apr 14, 2026 |
| CVE-2026-34256 | High | 7.1 |
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacke…
|
— | Apr 14, 2026 |
| CVE-2026-33892 | High | 7.1 |
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial…
|
— | Apr 14, 2026 |
| CVE-2026-32188 | High | 7.1 |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
— | Apr 14, 2026 |
| CVE-2026-4344 | High | 7.1 |
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked…
|
— | Apr 14, 2026 |
| CVE-2026-32195 | High | 7.0 |
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
— | Apr 14, 2026 |