Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,504
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,021 - 21,040 of 40,198 CVEs
CVE-2026-26153 HIGH - 7.8

Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-26152 HIGH - 7.0

Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-26151 HIGH - 7.1

Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-26149 CRITICAL - 9.0

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-26143 HIGH - 7.8

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-25184 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-24907 MEDIUM - 5.4

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, all...

Vendor: octobercms
Product: october
Published: Apr 14, 2026
Source: NVD
CVE-2026-24906 MEDIUM - 5.4

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields (used for paragraph styles, inline styles, table styles, etc.) did not sanitize input...

Vendor: octobercms
Product: october
Published: Apr 14, 2026
Source: NVD
CVE-2026-23670 MEDIUM - 5.7

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-23666 HIGH - 7.5

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-23657 HIGH - 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-23653 MEDIUM - 5.7

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-21331 MEDIUM - 6.1

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

Vendor: Adobe
Product: Adobe Connect
Published: Apr 14, 2026
Source: NVD
CVE-2026-20945 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Published: Apr 14, 2026
Source: NVD
CVE-2026-20930 HIGH - 7.8

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-20928 MEDIUM - 4.6

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

Published: Apr 14, 2026
Source: NVD
CVE-2026-20806 MEDIUM - 5.5

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

Published: Apr 14, 2026
Source: NVD
CVE-2026-0390 MEDIUM - 6.7

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Published: Apr 14, 2026
Source: NVD

Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.

Published: Apr 14, 2026
Source: NVD

A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.

Published: Apr 14, 2026
Source: NVD