CVE-2009-0238
Microsoft Office Excel Remote Code Execution via Malformed Object
05:00 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Microsoft Office — CVE-2009-0238
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Required Action: Ap…
CVE-2012-1854
Microsoft VBA Insecure Library Loading Remote Code Execution
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Microsoft Visual Basic for Applications (VBA) — CVE-2012-1854
Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.
Required Action: Apply mitigations per vendor instructions, follow applicabl…
CVE-2020-9715
Adobe Acrobat Use-After-Free Remote Code Execution Vulnerability
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Adobe Acrobat — CVE-2020-9715
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigation…
CVE-2023-21529
Microsoft Exchange Server Remote Code Execution via Unsafe Deserialization
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Microsoft Exchange Server — CVE-2023-21529
Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2023-36424
Windows Common Log File System Driver Out-of-Bounds Read Privilege Escalation
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Microsoft Windows — CVE-2023-36424
Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2025-60710
Microsoft Windows Link Following Privilege Escalation (CVE-2025-60710)
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Microsoft Windows — CVE-2025-60710
Microsoft Windows contains a link following vulnerability that allows for privilege escalation.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the produc…
CVE-2026-21643
Fortinet FortiClient EMS SQL Injection Remote Code Execution
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Fortinet FortiClient EMS — CVE-2026-21643
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Required Action: Apply mitigations per vendor ins…
CVE-2026-34621
Adobe Acrobat/Reader Prototype Pollution RCE Vulnerability
05:16 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
Adobe Acrobat and Reader — CVE-2026-34621
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discon…
CVE-2017-6334
NETGEAR DGN2200 OS Command Injection in dnslookup.cgi
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
NETGEAR DGN2200 Devices OS Command Injection Vulnerability — dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
CVE-2017-6663
Cisco IOS Autonomic Networking DoS Vulnerability (CVE-2017-6663)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability — A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to r…
CVE-2017-6736
Cisco IOS/IOS XE SNMP Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability — The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
CVE-2019-15752
Docker Desktop Community Edition Privilege Escalation Vulnerability — Docker Desktop Community Edition contains a vulner
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Docker Desktop Community Edition Privilege Escalation Vulnerability — Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bi…
CVE-2025-25257
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet FortiWeb SQL Injection Vulnerability — Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
CVE-2025-26633
Microsoft Windows MMC Security Feature Bypass Vulnerability (CVE-2025-26633)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability — Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-27038
Qualcomm Adreno GPU Use-After-Free in Chrome Graphics Rendering
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2025-27363
FreeType TrueType GX Font Parsing Out-of-Bounds Write RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
FreeType Out-of-Bounds Write Vulnerability — FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.
CVE-2025-2746
Kentico Xperience CMS Authentication Bypass via Alternate Path
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-2747
Kentico Xperience CMS Authentication Bypass via Alternate Path
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-2775
SysAid On-Prem XXE Vulnerability in Checkin Processing Enables Admin Takeover
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability — SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read p…
CVE-2025-2776
SysAid On-Prem XXE Vulnerability Enables Admin Account Takeover
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability — SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file rea…
CVE-2025-2783
Google Chromium Mojo Sandbox Escape Vulnerability (CVE-2025-2783)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Google Chromium Mojo Sandbox Escape Vulnerability — Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web br…
CVE-2025-27915
Zimbra Collaboration Suite XSS in ICS File Processing
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user vi…
CVE-2025-27920
Srimax Output Messenger Directory Traversal Vulnerability (CVE-2025-27920)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Srimax Output Messenger Directory Traversal Vulnerability — Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access…
CVE-2025-29824
Windows CLFS Driver Use-After-Free Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-30066
tj-actions/changed-files GitHub Action Malicious Code Secret Disclosure
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability — tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Actions Workflow Logs. These secrets may inc…
CVE-2025-30154
reviewdog/action-setup GitHub Action Malicious Code Secret Exfiltration
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability — reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to GitHub Actions Workflow Logs.
CVE-2025-31125
Vite Dev Server Improper Access Control - Unauthorized File Content Exposure
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or serve…
CVE-2025-31161
CrushFTP HTTP Authorization Header Authentication Bypass (CVE-2025-31161)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
CrushFTP Authentication Bypass Vulnerability — CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to…
CVE-2025-31200
Apple Memory Corruption in Audio Stream Processing - CVE-2025-31200
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-32433
Erlang/OTP SSH Server Unauthenticated Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability — Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, pote…
CVE-2025-32463
Sudo Untrusted Control Sphere Inclusion Allows Root Command Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability — Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow a local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands a…
CVE-2025-3248
Langflow Missing Authentication in Code Validation Endpoint RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Langflow Missing Authentication Vulnerability — Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.
CVE-2025-32701
Windows CLFS Driver Use-After-Free Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32706
Windows CLFS Driver Heap Buffer Overflow Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32709
Windows Ancillary Function Driver WinSock Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability — Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
CVE-2025-32756
Fortinet Products Stack-Based Buffer Overflow RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability — Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP reque…
CVE-2025-33053
Windows Internet Shortcut Remote Code Execution via WebDAV Path Injection
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows External Control of File Name or Path Vulnerability — Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Int…
CVE-2025-33073
Microsoft Windows SMB Client Privilege Escalation via Improper Access Control
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machi…
CVE-2025-49706
Microsoft SharePoint Improper Authentication Spoofing Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft SharePoint Improper Authentication Vulnerability — Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive informati…
CVE-2025-54948
Trend Micro Apex One OS Command Injection - Critical RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installatio…
CVE-2025-55177
WhatsApp Linked Device Synchronization Authorization Bypass
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger proc…
CVE-2025-55182
Meta React Server Components RCE Vulnerability - Unauthenticated Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Meta React Server Components Remote Code Execution Vulnerability — Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function e…
CVE-2026-25654
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate u
09:48 KSA
HIGH
CVSS 8.8
CWE-639
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the abil…
CVE-2026-27668
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). U
09:48 KSA
HIGH
CVSS 8.8
CWE-266
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and gr…
CVE-2026-32171
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a netw
06:19 KSA
HIGH
CVSS 8.8
CWE-522
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
17:32 KSA
HIGH
CVSS 8.8
CWE-822
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-5992
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2
03:48 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publ…
CVE-2026-6012
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file
03:48 KSA
HIGH
CVSS 8.8
CWE-119
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be …
CVE-2026-6013
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /g
07:54 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from …
CVE-2026-6014
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formA
13:55 KSA
HIGH
CVSS 8.8
CWE-119
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remot…
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/Qui
20:00 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch th…
CVE-2026-6016
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/W
20:00 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be init…
CVE-2026-27928
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
21:54 KSA
HIGH
CVSS 8.7
CWE-20
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-34617
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could r
17:32 KSA
HIGH
CVSS 8.7
CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining eleva…
CVE-2026-27305
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Dir
05:48 KSA
HIGH
CVSS 8.6
CWE-22
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files an…
CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id}
02:16 KSA
HIGH
CVSS 8.5
CWE-284
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite t…
CVE-2026-27306
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could re
05:48 KSA
HIGH
CVSS 8.4
CWE-20
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction…
CVE-2026-32190
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
13:16 KSA
HIGH
CVSS 8.4
CWE-416
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-33114
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
17:32 KSA
HIGH
CVSS 8.4
CWE-822
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33115
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
17:32 KSA
HIGH
CVSS 8.4
CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to,
03:48 KSA
HIGH
CVSS 8.1
CWE-22
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization …
CVE-2026-27912
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
21:54 KSA
HIGH
CVSS 8.0
CWE-285
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-30814
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attac
02:16 KSA
HIGH
CVSS 8.0
CWE-121
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash…
CVE-2026-30815
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent
02:16 KSA
HIGH
CVSS 8.0
CWE-78
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may …
CVE-2026-30818
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent
02:16 KSA
HIGH
CVSS 8.0
CWE-78
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may a…
CVE-2026-33826
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent net
17:32 KSA
HIGH
CVSS 8.0
CWE-20
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-23657
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
21:54 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-26143
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
21:54 KSA
HIGH
CVSS 7.8
CWE-20
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-26183
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
21:54 KSA
HIGH
CVSS 7.8
CWE-284
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
CVE-2026-27238
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could
15:49 KSA
HIGH
CVSS 7.8
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-27283
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in a
15:49 KSA
HIGH
CVSS 7.8
CWE-416
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27284
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a cr
21:54 KSA
HIGH
CVSS 7.8
CWE-125
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the con…
CVE-2026-27287
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file
05:48 KSA
HIGH
CVSS 7.8
CWE-125
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of th…
CVE-2026-27289
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted f
23:36 KSA
HIGH
CVSS 7.8
CWE-125
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of…
CVE-2026-27291
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could resul
21:54 KSA
HIGH
CVSS 7.8
CWE-787
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi…
CVE-2026-27292
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitra
07:48 KSA
HIGH
CVSS 7.8
CWE-416
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27293
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resul
07:48 KSA
HIGH
CVSS 7.8
CWE-122
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi…
CVE-2026-27294
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted
07:48 KSA
HIGH
CVSS 7.8
CWE-125
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context o…
CVE-2026-27295
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in a
07:48 KSA
HIGH
CVSS 7.8
CWE-787
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27296
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability tha
07:48 KSA
HIGH
CVSS 7.8
CWE-191
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
CVE-2026-27297
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability tha
07:48 KSA
HIGH
CVSS 7.8
CWE-191
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confus
07:48 KSA
HIGH
CVSS 7.8
CWE-843
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th…
CVE-2026-27310
23:36 KSA
HIGH
CVSS 7.8
CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27311
23:36 KSA
HIGH
CVSS 7.8
CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27312
23:36 KSA
HIGH
CVSS 7.8
CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27313
01:41 KSA
HIGH
CVSS 7.8
CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27924
21:54 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32168
06:19 KSA
HIGH
CVSS 7.8
CWE-20
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32184
04:54 KSA
HIGH
CVSS 7.8
CWE-502
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32189
11:03 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32192
13:16 KSA
HIGH
CVSS 7.8
CWE-502
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32197
13:16 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
17:32 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199
17:32 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32200
17:32 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-33095
17:32 KSA
HIGH
CVSS 7.8
CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33825
17:32 KSA
HIGH
CVSS 7.8
⚠ CISA KEV CWE-1220
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-34618
Adobe Illustrator Out-of-Bounds Write RCE Vulnerability
05:48 KSA
HIGH
CVSS 7.8
CWE-787
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34627
Adobe InDesign Heap Buffer Overflow Remote Code Execution
17:32 KSA
HIGH
CVSS 7.8
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34628
Adobe InDesign Heap Buffer Overflow RCE Vulnerability
23:36 KSA
HIGH
CVSS 7.8
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34629
Adobe InDesign Heap-based Buffer Overflow RCE Vulnerability
23:36 KSA
HIGH
CVSS 7.8
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34630
Heap Buffer Overflow in Bridge Versions 16.0.2 and Earlier
05:48 KSA
HIGH
CVSS 7.8
CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-34631
InCopy Out-of-Bounds Write Vulnerability Allows Arbitrary Code Execution
05:48 KSA
HIGH
CVSS 7.8
CWE-787
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27913
21:54 KSA
HIGH
CVSS 7.7
CWE-20
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-34619
05:48 KSA
HIGH
CVSS 7.7
CWE-22
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized fil…
CVE-2025-52222
22:16 KSA
HIGH
CVSS 7.5
CWE-120
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct,…
CVE-2026-26154
Windows Server Update Service Input Validation Vulnerability
21:54 KSA
HIGH
CVSS 7.5
CWE-20
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-26171
21:54 KSA
HIGH
CVSS 7.5
CWE-400
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-27282
05:48 KSA
HIGH
CVSS 7.5
CWE-20
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this …
CVE-2026-32178
.NET Special Elements Neutralization Spoofing Vulnerability
12:19 KSA
HIGH
CVSS 7.5
CWE-138
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32203
Stack-based Buffer Overflow in .NET and Visual Studio DoS Vulnerability
17:32 KSA
HIGH
CVSS 7.5
CWE-20
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-3360
Tutor LMS IDOR Vulnerability in pay_incomplete_order Function
03:48 KSA
HIGH
CVSS 7.5
CWE-862
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The…
CVE-2026-4352
09:48 KSA
HIGH
CVSS 7.5
CWE-89
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via `sprintf(…
CVE-2026-24032
SINEC NMS Authentication Bypass in UMC Component (CVE-2026-24032)
09:48 KSA
HIGH
CVSS 7.3
CWE-347
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.
This could allow an unauthenticated remote attacker to bypass a…
CVE-2026-6004
SQL Injection in Simple IT Discussion Forum 1.0 delete-category.php
03:48 KSA
HIGH
CVSS 7.3
CWE-74
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results in sql injection. It is possible to initiate the attack remotely. The exploit i…
CVE-2026-6024
Tenda i6 Router Path Traversal Vulnerability in HTTP Handler
20:00 KSA
HIGH
CVSS 7.3
CWE-22
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly dis…
CVE-2026-6031
SQL Injection in Simple IT Discussion Forum 1.0 Category Parameter
22:16 KSA
HIGH
CVSS 7.3
CWE-74
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been di…
CVE-2026-6036
SQL Injection in Vehicle Showroom Management System VEHICLE_ID Parameter
22:16 KSA
HIGH
CVSS 7.3
CWE-74
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. …
CVE-2026-3017
09:48 KSA
HIGH
CVSS 7.2
CWE-502
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the import_shortcodes() function. This makes it possi…
CVE-2026-4388
09:48 KSA
HIGH
CVSS 7.2
CWE-79
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`sanitize_text_field` strips tag…
CVE-2026-6227
BackWPup WordPress Plugin Local File Inclusion via REST API
09:48 KSA
HIGH
CVSS 7.2
CWE-22
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences.…
CVE-2026-32188
07:00 KSA
HIGH
CVSS 7.1
CWE-125
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-33892
Industrial Edge Management Authentication Bypass on Remote Connections
11:48 KSA
HIGH
CVSS 7.1
CWE-305
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do …
CVE-2026-34256
05:35 KSA
HIGH
CVSS 7.1
CWE-862
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is su…
CVE-2026-4344
Autodesk Fusion Stored XSS in Delete Confirmation Dialog via Component Names
15:49 KSA
HIGH
CVSS 7.1
CWE-79
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulner…
CVE-2026-4345
Autodesk Fusion Stored XSS in Design Names CSV Export
15:49 KSA
HIGH
CVSS 7.1
CWE-79
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary co…
CVE-2026-4369
15:49 KSA
HIGH
CVSS 7.1
CWE-79
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage thi…
CVE-2026-32080
Windows WalletService Use-After-Free Privilege Escalation
03:58 KSA
HIGH
CVSS 7.0
CWE-416
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32195
13:16 KSA
HIGH
CVSS 7.0
CWE-121
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-32224
17:32 KSA
HIGH
CVSS 7.0
CWE-416
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
CVE-2026-37980
Keycloak Stored XSS in Organization Selection Login Page
22:37 KSA
MEDIUM
CVSS 6.9
CWE-79
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization…
CVE-2026-32223
00:48 KSA
MEDIUM
CVSS 6.8
CWE-122
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-0390
Windows Boot Loader Untrusted Input Security Decision Bypass
00:48 KSA
MEDIUM
CVSS 6.7
CWE-807
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-32167
00:48 KSA
MEDIUM
CVSS 6.7
CWE-89
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32176
00:48 KSA
MEDIUM
CVSS 6.7
CWE-89
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-2582
Germanized for WooCommerce Arbitrary Shortcode Execution Vulnerability
13:57 KSA
MEDIUM
CVSS 6.5
CWE-94
The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a va…
CVE-2026-26155
Microsoft LSASS Information Disclosure Vulnerability (CVE-2026-26155)
00:48 KSA
MEDIUM
CVSS 6.5
CWE-126
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-27677
07:16 KSA
MEDIUM
CVSS 6.5
CWE-862
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and avai…
CVE-2026-27678
07:16 KSA
MEDIUM
CVSS 6.5
CWE-862
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confide…
CVE-2026-27679
07:16 KSA
MEDIUM
CVSS 6.5
CWE-862
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confid…
CVE-2026-27925
00:48 KSA
MEDIUM
CVSS 6.5
CWE-416
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2026-32151
Windows Shell Information Exposure Vulnerability (CVE-2026-32151)
00:48 KSA
MEDIUM
CVSS 6.5
CWE-200
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
CVE-2026-32201
Microsoft Office SharePoint Improper Input Validation Spoofing Vulnerability
00:48 KSA
MEDIUM
CVSS 6.5
⚠ CISA KEV CWE-20
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-34261
SAP Business Analytics Missing Authorization Check Vulnerability
09:32 KSA
MEDIUM
CVSS 6.5
CWE-862
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability aff…
CVE-2026-34264
SAP S/4HANA HCM Authorization Message Information Disclosure
09:32 KSA
MEDIUM
CVSS 6.5
CWE-204
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensit…
CVE-2026-1607
Surbma Booking.com Shortcode Plugin Stored XSS Vulnerability
11:48 KSA
MEDIUM
CVSS 6.4
CWE-79
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th…
CVE-2026-4059
ShopLentor WordPress Plugin Stored XSS via button_text Shortcode Attribute
11:48 KSA
MEDIUM
CVSS 6.4
CWE-79
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-su…
CVE-2026-27299
07:16 KSA
MEDIUM
CVSS 6.3
CWE-20
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue require…
CVE-2026-34626
00:48 KSA
MEDIUM
CVSS 6.3
CWE-1321
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current us…
CVE-2026-32072
00:48 KSA
MEDIUM
CVSS 6.2
CWE-287
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
CVE-2026-0512
07:16 KSA
MEDIUM
CVSS 6.1
CWE-79
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browse…
CVE-2026-21331
00:48 KSA
MEDIUM
CVSS 6.1
CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the …
CVE-2026-26169
Windows Kernel Memory Buffer Over-Read Information Disclosure
00:48 KSA
MEDIUM
CVSS 6.1
CWE-126
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-27674
07:16 KSA
MEDIUM
CVSS 6.1
CWE-94
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affecte…
CVE-2026-32088
Windows Biometric Service Race Condition Security Bypass
00:48 KSA
MEDIUM
CVSS 6.1
CWE-362
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-32196
Windows Admin Center XSS Vulnerability Allows Network Spoofing
00:48 KSA
MEDIUM
CVSS 6.1
CWE-79
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33822
Microsoft Office Word Out-of-Bounds Read Information Disclosure
00:48 KSA
MEDIUM
CVSS 6.1
CWE-125
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-34257
SAP NetWeaver ABAP Open Redirect Vulnerability (CVE-2026-34257)
09:32 KSA
MEDIUM
CVSS 6.1
CWE-601
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, could redirect them to a page controlled by the attacker. This causes low impact on confidentiality and inte…
CVE-2026-34614
Adobe Connect Reflected XSS Vulnerability in Versions 2025.3 and Earlier
00:48 KSA
MEDIUM
CVSS 6.1
CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the …
CVE-2026-6203
WordPress User Registration & Membership Plugin Open Redirect Vulnerability
07:16 KSA
MEDIUM
CVSS 6.1
CWE-601
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_…
CVE-2026-32226
00:48 KSA
MEDIUM
CVSS 5.9
CWE-362
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23653
00:48 KSA
MEDIUM
CVSS 5.7
CWE-77
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-23670
00:48 KSA
MEDIUM
CVSS 5.7
CWE-822
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-20806
00:48 KSA
MEDIUM
CVSS 5.5
CWE-843
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
CVE-2026-27222
02:54 KSA
MEDIUM
CVSS 5.5
CWE-369
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user in…
CVE-2026-27258
00:48 KSA
MEDIUM
CVSS 5.5
CWE-787
DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of…
CVE-2026-27285
00:48 KSA
MEDIUM
CVSS 5.5
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this…
CVE-2026-27286
00:48 KSA
MEDIUM
CVSS 5.5
CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires …
CVE-2026-27300
07:16 KSA
MEDIUM
CVSS 5.5
CWE-824
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction …
CVE-2026-27301
07:16 KSA
MEDIUM
CVSS 5.5
CWE-122
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user i…
CVE-2026-27930
Windows GDI Out-of-Bounds Read Information Disclosure
00:48 KSA
MEDIUM
CVSS 5.5
CWE-125
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27931
Windows GDI Out-of-Bounds Read Information Disclosure
00:48 KSA
MEDIUM
CVSS 5.5
CWE-125
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-32079
Windows File Explorer Sensitive Information Disclosure Vulnerability
00:48 KSA
MEDIUM
CVSS 5.5
CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32081
00:48 KSA
MEDIUM
CVSS 5.5
CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32084
00:48 KSA
MEDIUM
CVSS 5.5
CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32085
00:48 KSA
MEDIUM
CVSS 5.5
CWE-200
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
CVE-2026-32181
00:48 KSA
MEDIUM
CVSS 5.5
CWE-269
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
CVE-2026-32212
UPnP Link Following Information Disclosure Vulnerability
00:48 KSA
MEDIUM
CVSS 5.5
CWE-59
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32214
00:48 KSA
MEDIUM
CVSS 5.5
CWE-284
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32215
Windows Kernel Sensitive Information Disclosure via Log Files
00:48 KSA
MEDIUM
CVSS 5.5
CWE-532
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32216
00:48 KSA
MEDIUM
CVSS 5.5
CWE-476
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
CVE-2026-32217
00:48 KSA
MEDIUM
CVSS 5.5
CWE-532
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32218
00:48 KSA
MEDIUM
CVSS 5.5
CWE-532
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-33103
Microsoft Dynamics 365 On-Premises Improper Access Control Information Disclosure
00:48 KSA
MEDIUM
CVSS 5.5
CWE-284
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-27288
Adobe Experience Manager Stored XSS in Form Fields (CVE-2026-27288)
00:48 KSA
MEDIUM
CVSS 5.4
CWE-79
Adobe Experience Manager versions FP11.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they…
CVE-2026-34623
DOM-based XSS in Adobe Experience Manager 6.5.24 and FP11.7
02:54 KSA
MEDIUM
CVSS 5.4
CWE-79
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. …
CVE-2026-34624
DOM-based XSS in Adobe Experience Manager 6.5.24 and FP11.7
02:54 KSA
MEDIUM
CVSS 5.4
CWE-79
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. …
CVE-2026-34625
Adobe Experience Manager DOM-based XSS Vulnerability (CVE-2026-34625)
02:54 KSA
MEDIUM
CVSS 5.4
CWE-79
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. …
CVE-2025-15565
05:00 KSA
MEDIUM
CVSS 5.3
CWE-862
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders …
CVE-2026-6219
Command Injection in aandrew-me ytDownloader Compressor Feature
05:00 KSA
MEDIUM
CVSS 5.3
CWE-74
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit…
CVE-2026-34262
SAP HANA Cockpit Information Disclosure via Improper Credential Storage
09:32 KSA
MEDIUM
CVSS 5.0
CWE-522
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer