Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-27301 — Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)

Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose s…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
5.5 MEDIUM
CVE-2026-27300 — Adobe Framemaker | Access of Uninitialized Pointer (CWE-824)

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disc…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
6.3 MEDIUM
CVE-2026-27299 — Adobe Framemaker | Improper Input Validation (CWE-20)

Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to…

windows framemaker | Path Traversal
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27298 — Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the contex…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27297 — Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. …

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27296 — Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. …

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27295 — Adobe Framemaker | Out-of-bounds Write (CWE-787)

Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27294 — Adobe Framemaker | Out-of-bounds Read (CWE-125)

Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structur…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27293 — Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)

Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.8 HIGH
CVE-2026-27292 — Adobe Framemaker | Use After Free (CWE-416)

Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu…

windows framemaker | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
8.6 HIGH
CVE-2026-27290 — Adobe Framemaker | Untrusted Search Path (CWE-426)

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the app…

windows framemaker | Misconfiguration
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
8.8 HIGH
CVE-2026-40291 — Chamilo LMS has Privilege Escalation via API User Role Modification

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/{id} endpoint allows any authenti…

chamilo_lms | Remote | Authorization
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
7.0 HIGH
CVE-2026-39907 — Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's L…

Remote | Information Disclosure
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
7.0 HIGH
CVE-2026-39906 — Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hash…

Remote | Information Disclosure
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
8.8 HIGH
CVE-2026-35196 — Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exp…

chamilo_lms | Remote | Injection
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
7.8 HIGH
CVE-2026-34631 — InCopy | Out-of-bounds Write (CWE-787)

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is…

macos windows incopy | Memory Corruption
Apr 14, 2026 Apr 15, 2026
Apr 14, 2026
Apr 15, 2026
7.7 HIGH
CVE-2026-34619 — ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal…

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature…

coldfusion | Remote | Path Traversal
Apr 14, 2026 Apr 16, 2026
Apr 14, 2026
Apr 16, 2026
7.1 HIGH
CVE-2026-34602 — Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Us…

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an aut…

chamilo_lms | Remote | Authorization
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
6.5 MEDIUM
CVE-2026-34370 — Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private …

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authen…

chamilo_lms | Remote | Authorization
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
5.4 MEDIUM
CVE-2026-34213 — Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated us…

docmost | Remote | Authorization
Apr 14, 2026 Apr 17, 2026
Apr 14, 2026
Apr 17, 2026
Showing 20 of 6470 Results