🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-0390 | Medium | 6.7 |
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a sec…
|
— | Apr 14, 2026 |
| CVE-2026-32201 | Medium | 6.5 |
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a netw…
|
— | Apr 14, 2026 |
| CVE-2026-32151 | Medium | 6.5 |
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose in…
|
— | Apr 14, 2026 |
| CVE-2026-27925 | Medium | 6.5 |
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose informa…
|
— | Apr 14, 2026 |
| CVE-2026-26155 | Medium | 6.5 |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
|
— | Apr 14, 2026 |
| CVE-2026-27678 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker …
|
— | Apr 14, 2026 |
| CVE-2026-27679 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker…
|
— | Apr 14, 2026 |
| CVE-2026-27677 | Medium | 6.5 |
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could upd…
|
— | Apr 14, 2026 |
| CVE-2026-2582 | Medium | 6.5 |
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_hold…
|
— | Apr 14, 2026 |
| CVE-2026-34264 | Medium | 6.5 |
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due t…
|
— | Apr 14, 2026 |
| CVE-2026-34261 | Medium | 6.5 |
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could m…
|
— | Apr 14, 2026 |
| CVE-2026-1607 | Medium | 6.4 |
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `s…
|
— | Apr 14, 2026 |
| CVE-2026-4059 | Medium | 6.4 |
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shor…
|
— | Apr 14, 2026 |
| CVE-2026-27299 | Medium | 6.3 |
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead …
|
— | Apr 14, 2026 |
| CVE-2026-34626 | Medium | 6.3 |
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Mo…
|
— | Apr 14, 2026 |
| CVE-2026-32072 | Medium | 6.2 |
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
|
— | Apr 14, 2026 |
| CVE-2026-27674 | Medium | 6.1 |
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated att…
|
— | Apr 14, 2026 |
| CVE-2026-26169 | Medium | 6.1 |
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
|
— | Apr 14, 2026 |
| CVE-2026-0512 | Medium | 6.1 |
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catal…
|
— | Apr 14, 2026 |
| CVE-2026-21331 | Medium | 6.1 |
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. I…
|
— | Apr 14, 2026 |