Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,525
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 20,841 - 20,860 of 40,198 CVEs
CVE-2026-27312 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27311 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27310 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27289 HIGH - 7.8

Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. E...

Vendor: Adobe
Product: Photoshop Desktop
Published: Apr 14, 2026
Source: NVD
CVE-2026-27222 MEDIUM - 5.5

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a ...

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-40868 HIGH - 8.1

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because...

Vendor: go
Product: github.com/kyverno/kyverno
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40176 HIGH - 7.8

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) withou...

Vendor: composer
Product: composer/composer
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40261 HIGH - 8.8

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the Perforce::gen...

Vendor: composer
Product: composer/composer
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40255 MEDIUM - 6.1

AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP r...

Vendor: npm
Product: @adonisjs/http-server
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40249 MEDIUM - 5.3

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization erro...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 resp...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40247 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when val...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40246 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when va...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40245 HIGH - 7.5

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends ...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-34625 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-34624 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-34623 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-5756 HIGH - 7.5

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Published: Apr 14, 2026
Source: NVD
CVE-2026-5754 MEDIUM - 6.1

Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities.

Published: Apr 14, 2026
Source: NVD
CVE-2026-5752 CRITICAL - 9.3

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

Published: Apr 14, 2026
Source: NVD