Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,121 - 13,140 of 13,618 CVEs
CVE-2026-21304 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21283 HIGH - 7.8

Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: bridge
Published: Jan 13, 2026
Source: NVD
CVE-2026-21281 HIGH - 7.8

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: incopy
Published: Jan 13, 2026
Source: NVD
CVE-2026-21280 HIGH - 8.6

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that se...

Vendor: adobe
Product: illustrator
Published: Jan 13, 2026
Source: NVD
CVE-2026-21277 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21276 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21275 HIGH - 7.8

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: indesign
Published: Jan 13, 2026
Source: NVD
CVE-2026-21274 HIGH - 7.8

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitati...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD
CVE-2026-21272 HIGH - 8.6

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires ...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD
CVE-2026-21271 HIGH - 8.6

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is cha...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD
CVE-2026-21268 HIGH - 8.6

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is cha...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD
CVE-2026-21267 HIGH - 8.6

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that...

Vendor: adobe
Product: dreamweaver
Published: Jan 13, 2026
Source: NVD
CVE-2026-21226 HIGH - 7.5

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: azure_sdk_for_python
Published: Jan 13, 2026
Source: NVD
CVE-2026-21224 HIGH - 7.8

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: azure_connected_machine_agent
Published: Jan 13, 2026
Source: NVD
CVE-2026-21221 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Jan 13, 2026
Source: NVD
CVE-2026-21219 HIGH - 7.0

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: windows_software_development_kit
Published: Jan 13, 2026
Source: NVD
CVE-2026-20965 HIGH - 7.5

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_admin_center
Published: Jan 13, 2026
Source: NVD
CVE-2026-20963 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Jan 13, 2026
Source: NVD
CVE-2026-20957 HIGH - 7.8

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD
CVE-2026-20956 HIGH - 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Jan 13, 2026
Source: NVD