CVE Vulnerabilities - 14 April 2026

A security issue in the upnp.dll component of Windows allows an attacker who has already gained some level of access to the system to access sensitive information that should be kept private. This cou...

A flaw in Windows' upnp.dll lets authorized attackers view files on the same network. This could expose sensitive business information. Patch your Windows systems to fix this issue.

A weakness in Windows allows an authorized user to intentionally block a system from functioning. This could be done by a legitimate user who has elevated privileges, potentially disrupting the system...

A security issue in Windows Remote Procedure Call allows an authorized user's sensitive information to be accessed by others on the same system. This means that an attacker who already has local acces...

If you use Windows File Explorer, an attacker with normal user rights on your computer can see sensitive information. This could be useful for a malicious user to learn more about your system or plans...

Windows File Explorer has a flaw that lets attackers who are already on a computer see sensitive information. This is a concern for organizations that store confidential data on their computers. To mi...

An issue in Windows File Explorer can reveal sensitive information to anyone with access to the computer. This makes it easier for an attacker who already has permission to access the machine to disco...

A security weakness in Windows GDI could allow an attacker to access sensitive information on a local computer. This means an attacker could potentially access confidential data without permission. Us...

An attacker with local access can exploit a vulnerability in Windows' Graphics Device Interface (GDI) to access and reveal sensitive information on a Windows system. This could potentially allow an at...

If you use Adobe DNG SDK, update to a fixed version to avoid potential crashes when opening malicious files. A hacker could create a file that crashes your application, making it unresponsive. Update ...

A flaw in Windows COM can allow attackers with local access to access sensitive information. This means that a user with normal privileges on a Windows system could potentially read data they shouldn'...

Adobe InDesign Desktop versions 20.5.2 and earlier are vulnerable to a security risk. If you open a malicious file with InDesign, an attacker could access sensitive information stored on your computer...

Adobe InDesign versions 20.5.2 and earlier are at risk of crashing if you open a specially crafted file. This could disrupt your work and make your program unusable. Update to the latest version to pr...

A bug in the Sigstore Timestamp Authority Verifier can allow attackers to pretend to be someone else, potentially gaining unauthorized access. This issue only affects users of the specific 'timestamp-...

A weakness in WWBN AVideo's video duration handling allows attackers to inject malicious code into the video database. This can lead to unauthorized actions when users view videos with crafted duratio...

A security flaw in the video encoder of WWBN AVideo allows attackers to inject malicious code into video durations. This could potentially allow an attacker to steal sensitive information or take cont...

A flaw in AVideo's comment deletion system allows an attacker to trick a moderator or content creator into deleting multiple comments at once. This can happen when the moderator visits a malicious web...

Avideo's comment deletion feature is vulnerable to a security issue that allows an attacker to trick a victim into deleting multiple comments at once. This can happen when a victim, who has permission...

AVideo's comment voting system is vulnerable to attacks that can manipulate votes without the user's consent. This can happen when a victim visits a malicious website and their browser is tricked into...

AVideo's comment and vote system is at risk because attackers can trick logged-in users into changing their likes and dislikes or creating new comments. This can happen when a user visits a malicious ...

A security patch is available for Docmost versions prior to 0.71.0. A low-privileged user on the same workspace can upload a file to overwrite another user's attachment without permission. Update to v...

Versions of Docmost prior to 0.71.0 have a security issue where a malicious user can trick another user into running their own JavaScript code when viewing a specially crafted attachment. This can hap...

Adobe Experience Manager versions 6.5.24 and earlier have a security issue that lets an attacker add malicious code to a website you visit. This requires you to click on a link or visit a specific web...

Adobe Experience Manager versions 6.5.24 and earlier are at risk of being exploited by malicious websites. If a user visits a specially designed website, an attacker could inject harmful code into the...

Adobe Experience Manager versions 6.5.24 and earlier are vulnerable to a browser attack that allows malicious code to run if a user visits a specially crafted website. This could lead to unauthorized ...