Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
17,910 matching · page 157/359Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-3505(opens NVD record) | High | 7.5 | Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84. | Apr 15, 2026 |
| CVE-2026-0636(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84. | Apr 15, 2026 |
| CVE-2025-14813(opens NVD record) | High | 7.5 | : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84. | Apr 15, 2026 |
| CVE-2026-33806(opens NVD record) | High | 7.5 | Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify >= 5.3.2 by the fix for CVE-2025-32442 Patches: Upgrade to fastify v5.8.5 or later. Workarounds: None. Upgrade to the patched version. | Apr 15, 2026 |
| CVE-2026-40688(opens NVD record) | High | 7.2 | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. | Apr 14, 2026 |
| CVE-2026-33414(opens NVD record) | High | 7.8 | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations this means SYSTEM-level code execution, and only Windows is affected as the code is exclusive to the HyperV backend. This issue has been patched in version 5.8.2. | Apr 14, 2026 |
| CVE-2026-27301(opens NVD record) | Medium | 5.5 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27300(opens NVD record) | Medium | 5.5 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27299(opens NVD record) | Medium | 6.3 | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27298(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27297(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27296(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27295(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27294(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27293(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27292(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27290(opens NVD record) | High | 8.6 | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | Apr 14, 2026 |
| CVE-2026-34631(opens NVD record) | High | 7.8 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27287(opens NVD record) | High | 7.8 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-34630(opens NVD record) | High | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-34618(opens NVD record) | High | 7.8 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27313(opens NVD record) | High | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27312(opens NVD record) | High | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27311(opens NVD record) | High | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27310(opens NVD record) | High | 7.8 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-27222(opens NVD record) | Medium | 5.5 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apr 14, 2026 |
| CVE-2026-34617(opens NVD record) | High | 8.7 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-34615(opens NVD record) | Critical | 9.3 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | Apr 14, 2026 |
| CVE-2026-34614(opens NVD record) | Medium | 6.1 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | Apr 14, 2026 |
| CVE-2026-33829(opens NVD record) | Medium | 4.3 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | Apr 14, 2026 |
| CVE-2026-33827(opens NVD record) | High | 8.1 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33826(opens NVD record) | High | 8.0 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | Apr 14, 2026 |
| CVE-2026-33825(opens NVD record) | High | 7.8 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33824(opens NVD record) | Critical | 9.8 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33822(opens NVD record) | Medium | 6.1 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33120(opens NVD record) | High | 8.8 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | Apr 14, 2026 |
| CVE-2026-33116(opens NVD record) | High | 7.5 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-33115(opens NVD record) | High | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33114(opens NVD record) | High | 8.4 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-33104(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33103(opens NVD record) | Medium | 5.5 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | Apr 14, 2026 |
| CVE-2026-33101(opens NVD record) | High | 7.8 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33100(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33099(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33098(opens NVD record) | High | 7.8 | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |
| CVE-2026-33096(opens NVD record) | High | 7.5 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-33095(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 |
| CVE-2026-32226(opens NVD record) | Medium | 5.9 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | Apr 14, 2026 |
| CVE-2026-32225(opens NVD record) | High | 8.8 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | Apr 14, 2026 |
| CVE-2026-32224(opens NVD record) | High | 7.0 | Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | Apr 14, 2026 |