🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-33103 | Medium | 5.5 |
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information lo…
|
— | Apr 14, 2026 |
| CVE-2026-32081 | Medium | 5.5 |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis…
|
— | Apr 14, 2026 |
| CVE-2026-32214 | Medium | 5.5 |
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information loca…
|
— | Apr 14, 2026 |
| CVE-2026-32181 | Medium | 5.5 |
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
|
— | Apr 14, 2026 |
| CVE-2026-32215 | Medium | 5.5 |
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information…
|
— | Apr 14, 2026 |
| CVE-2026-32084 | Medium | 5.5 |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis…
|
— | Apr 14, 2026 |
| CVE-2026-32079 | Medium | 5.5 |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis…
|
— | Apr 14, 2026 |
| CVE-2026-27300 | Medium | 5.5 |
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could…
|
— | Apr 14, 2026 |
| CVE-2026-32085 | Medium | 5.5 |
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacke…
|
— | Apr 14, 2026 |
| CVE-2026-32212 | Medium | 5.5 |
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorize…
|
— | Apr 14, 2026 |
| CVE-2026-27930 | Medium | 5.5 |
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
|
— | Apr 14, 2026 |
| CVE-2026-27931 | Medium | 5.5 |
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
|
— | Apr 14, 2026 |
| CVE-2026-32218 | Medium | 5.5 |
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information…
|
— | Apr 14, 2026 |
| CVE-2026-27285 | Medium | 5.5 |
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could…
|
— | Apr 14, 2026 |
| CVE-2026-27286 | Medium | 5.5 |
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could…
|
— | Apr 14, 2026 |
| CVE-2026-27288 | Medium | 5.4 |
Adobe Experience Manager versions FP11.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability t…
|
— | Apr 14, 2026 |
| CVE-2026-34623 | Medium | 5.4 |
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln…
|
— | Apr 14, 2026 |
| CVE-2026-34624 | Medium | 5.4 |
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln…
|
— | Apr 14, 2026 |
| CVE-2026-34625 | Medium | 5.4 |
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln…
|
— | Apr 14, 2026 |
| CVE-2025-15565 | Medium | 5.3 |
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization check…
|
— | Apr 14, 2026 |