| CVE-2026-27307 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. | low | 2026-04-16 |
| CVE-2026-27306 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-16 |
| CVE-2026-27305 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. | high | 2026-04-16 |
| CVE-2026-27304 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | critical | 2026-04-16 |
| CVE-2026-27282 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. | high | 2026-04-16 |
| CVE-2025-15565 | The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed. | medium | 2026-04-14 |
| CVE-2026-34161 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the /api/social_post_attachments endpoint. The uploaded file is served back from the application at the generated contentUrl without sanitization, content type restrictions, or a Content-Disposition: attachment header, causing the JavaScript to execute in the browser within the application's origin. Because the payload is stored server-side and runs in the trusted origin, an attacker can perform session hijacking, account takeover, privilege escalation (if an admin views the link), and arbitrary actions on behalf of the victim. This issue has been fixed in version 2.0.0-RC.3. | medium | 2026-04-17 |
| CVE-2026-34160 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetches using curl without filtering private or internal IP addresses, enabling unauthenticated Server-Side Request Forgery (SSRF). An attacker can exploit this to probe internal network services, access cloud metadata endpoints (such as 169.254.169.254) to steal IAM credentials and sensitive instance metadata, or trigger state-changing operations on internal services via the receipt and alerts callback parameters. No authentication is required to exploit either SSRF vector, significantly increasing the attack surface. This issue has been fixed in version 2.0.0-RC.3. | high | 2026-04-17 |
| CVE-2026-33715 | Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs authentication and installation-completed checks. Its test_mailer action accepts an arbitrary Symfony Mailer DSN string from POST data and uses it to connect to an attacker-specified SMTP server, enabling Server-Side Request Forgery (SSRF) into internal networks via the SMTP protocol. An unauthenticated attacker can also abuse this to weaponize the Chamilo server as an open email relay for phishing and spam campaigns, with emails appearing to originate from the server's IP address. Additionally, error responses from failed SMTP connections may disclose information about internal network topology and running services. This issue has been fixed in version 2.0.0-RC.3. | high | 2026-04-17 |
| CVE-2026-33714 | Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, the same parameters remain unsanitized in the users_active action within the same file (public/main/inc/ajax/statistics.ajax.php), where they are directly interpolated into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection, enabling extraction of arbitrary data from the database. This issue has been fixed in version 2.0.0. | high | 2026-04-17 |
| CVE-2026-27287 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-25133 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes (such as onclick or onload) could be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries, allowing malicious SVG files to be uploaded through the Media Manager with embedded JavaScript. Exploitation could lead to privilege escalation if a superuser views or embeds the malicious SVG, and requires authenticated backend access with media upload permissions. The SVG must be viewed or embedded in a page for the payload to trigger. This issue has been fixed in versions 3.7.14 and 4.1.10. | medium | 2026-04-17 |
| CVE-2026-25125 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parse_ini_string() function supports ${} syntax for environment variable interpolation, attackers with Editor access could inject patterns such as ${APP_KEY} or ${DB_PASSWORD} into CMS page settings fields, causing sensitive environment variables to be resolved, stored in the template, and returned to the attacker when the page was reopened. This could enable exfiltration of credentials and secrets (database passwords, AWS keys, application keys), potentially leading to further attacks such as database access or cookie forgery. The vulnerability is only relevant when cms.safe_mode is enabled, as direct PHP injection is already possible otherwise. This issue has been fixed in versions 3.7.14 and 4.1.10. If users are unable to immediately upgrade, they can workaround this issue by restricting Editor tool access to fully trusted administrators only, and ensuring database and cloud service credentials are not accessible from the web server's network. | medium | 2026-04-17 |
| CVE-2026-24893 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. The vulnerability arises because user-controlled host attributes (specifically the host address) are expanded into monitoring command templates without validation, escaping, or quoting. These templates are later executed by the monitoring engine (Nagios/Icinga) via a shell, resulting in remote code execution. Version 5.5.2 patches the issue. | high | 2026-04-17 |
| CVE-2026-40683 | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g., "FALSE") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected. | high | 2026-04-17 |
| CVE-2026-34630 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-34618 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27313 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27312 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27311 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27310 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27289 | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-15 |
| CVE-2026-27222 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | medium | 2026-04-15 |
| CVE-2026-40868 | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token | high | |
| CVE-2026-34625 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | medium | 2026-04-15 |
| CVE-2026-34624 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | medium | 2026-04-15 |
| CVE-2026-34623 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | medium | 2026-04-15 |
| CVE-2026-5756 | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services. | high | 2026-04-17 |
| CVE-2026-5754 | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities. | medium | 2026-04-17 |
| CVE-2026-5752 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. | critical | 2026-04-17 |
| CVE-2026-34629 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-16 |
| CVE-2026-34628 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-16 |
| CVE-2026-34627 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high | 2026-04-16 |
| CVE-2026-34617 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | high | 2026-04-15 |
| CVE-2026-34615 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | critical | 2026-04-15 |
| CVE-2026-34614 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | medium | 2026-04-15 |
| CVE-2026-33829 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | medium | 2026-04-17 |
| CVE-2026-33827 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | high | 2026-04-17 |
| CVE-2026-33826 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | high | 2026-04-17 |
| CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | high | 2026-04-17 |
| CVE-2026-33824 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | critical | 2026-04-17 |
| CVE-2026-33822 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | medium | 2026-04-17 |
| CVE-2026-33120 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | high | 2026-04-17 |
| CVE-2026-33116 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | high | 2026-04-17 |
| CVE-2026-33115 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-04-17 |
| CVE-2026-33114 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high | 2026-04-17 |
| CVE-2026-33104 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | high | 2026-04-17 |
| CVE-2026-33103 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | medium | 2026-04-17 |
| CVE-2026-33101 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | high | 2026-04-17 |
| CVE-2026-33100 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | high | 2026-04-17 |
