Total CVEs

145,595

Critical Severity

4,259

High Severity

15,683

Last 7 Days

2,271
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 22,641 - 22,660 of 42,000 CVEs
CVE-2026-34618 HIGH - 7.8

Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Illustrator
Published: Apr 14, 2026
Source: NVD
CVE-2026-27313 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27312 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27311 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27310 HIGH - 7.8

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-27289 HIGH - 7.8

Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. E...

Vendor: Adobe
Product: Photoshop Desktop
Published: Apr 14, 2026
Source: NVD
CVE-2026-27222 MEDIUM - 5.5

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a ...

Vendor: Adobe
Product: Bridge
Published: Apr 14, 2026
Source: NVD
CVE-2026-40868 HIGH - 8.1

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because...

Vendor: go
Product: github.com/kyverno/kyverno
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40176 HIGH - 7.8

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) withou...

Vendor: composer
Product: composer/composer
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40261 HIGH - 8.8

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the Perforce::gen...

Vendor: composer
Product: composer/composer
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40255 MEDIUM - 6.1

AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP r...

Vendor: npm
Product: @adonisjs/http-server
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40249 MEDIUM - 5.3

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization erro...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 resp...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40247 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when val...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40246 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when va...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40245 HIGH - 7.5

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends ...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 14, 2026
Source: GitHub
CVE-2026-34625 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-34624 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-34623 MEDIUM - 5.4

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of...

Vendor: Adobe
Product: Adobe Experience Manager
Published: Apr 14, 2026
Source: NVD
CVE-2026-5756 HIGH - 7.5

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Published: Apr 14, 2026
Source: NVD