CVE Vulnerabilities - 14 April 2026
761 vulnerabilities published on 14 April 2026
Unauthorized Privilege Elevation in Microsoft Brokering File System
CVE-2026-26181
A security issue in Microsoft Brokering File System could allow someone with authorized access to gain more permissions on a local machine than they should have. This could potentially lead to data be...
7.8
Windows Kernel Privilege Elevation through Local Buffer Overflow
CVE-2026-26180
A security flaw in the Windows Kernel allows a malicious program running on a local machine to potentially gain elevated access. This could lead to unauthorized changes to system settings or data. Upd...
7.8
Windows Kernel Double Free Privilege Escalation Vulnerability
CVE-2026-26179
An attacker with authorized access to a Windows system can exploit a flaw in the operating system's kernel, potentially allowing them to gain elevated privileges and access sensitive areas of the syst...
7.8
Windows Client Side Caching driver csc.sys Privilege Elevation Vulnerability
CVE-2026-26176
A flaw in the Windows Client Side Caching driver (csc.sys) could allow a hacker with access to the system to gain higher-level access than they normally should have. This could happen if a specific se...
7.8
Windows Push Notifications Privilege Elevation Vulnerability
CVE-2026-26172
An attacker with permission to send push notifications to a Windows system may be able to gain elevated privileges on the system, potentially allowing them to access sensitive data or make unauthorize...
7.8
Microsoft PowerShell Elevation of Privilege Vulnerability
CVE-2026-26170
An attacker with local access to a Windows system can exploit a weakness in PowerShell to gain higher-level user permissions. This could allow the attacker to make unauthorized changes or access sensi...
7.8
Windows Ancillary Function Driver for WinSock Privilege Escalation
CVE-2026-26168
An issue with how Windows manages networking functions can allow an attacker with local access to gain higher-level access to the system. This could potentially let an attacker do things they shouldn'...
7.8
Windows Kernel Double Free Vulnerability Allows Local Privilege Escalation
CVE-2026-26163
An issue in Windows Kernel software may allow an authorized user to gain more access to a system than they should have. This could potentially allow a malicious user to take control of a system. Updat...
7.8
Windows OLE Privilege Elevation Vulnerability
CVE-2026-26162
An attacker with authorized access to a Windows system can misuse a specific feature to gain higher-level permissions. This puts sensitive data and system settings at risk. To protect your system, app...
7.8
Windows Sensor Data Service Local Privilege Escalation Risk
CVE-2026-26161
An attacker with authorized access to the Windows Sensor Data Service can potentially gain elevated system privileges on a Windows system. This means they could make changes that a normal user shouldn...
7.8
Windows Remote Desktop Licensing Service Privilege Escalation Risk
CVE-2026-26160
The Windows Remote Desktop Licensing Service does not require authentication for a critical function, which could allow an authorized user to gain more access on a local network. This could lead to un...
7.8
Unauthorized access to Windows Remote Desktop Licensing Service
CVE-2026-26159
An attacker with access to the Windows Remote Desktop Licensing Service can potentially gain elevated local privileges. This is a concern because it could allow an attacker to make unauthorized change...
7.8
Windows Hyper-V: Local Code Execution via Heap Overflow
CVE-2026-26156
A security issue in Windows Hyper-V allows an attacker with local access to execute malicious code on a vulnerable system. This could potentially allow the attacker to take control of the system or di...
7.8
Windows Encrypting File System (EFS) Privilege Escalation Risk
CVE-2026-26153
An authorized user on a Windows system can potentially exploit a weakness in the Encrypting File System, allowing them to gain elevated access to the system. This means an attacker with legitimate acc...
7.8
Microsoft PowerShell: Bypass Local Security Feature
CVE-2026-26143
An attacker can bypass a security feature on a local system by sending special input to PowerShell. This means an attacker could potentially access restricted areas of the system without proper author...
7.8
Microsoft Office Word allows unauthorized code execution
CVE-2026-23657
An attacker can run unauthorized code on your computer if they know how to exploit a weakness in Microsoft Office Word. This could lead to data theft or system damage. Update your Office software to t...
7.8
Windows Management Services allows local privilege escalation via race condition
CVE-2026-20930
Windows Management Services has a bug that can let authorized users gain more access on a local computer than they should have. This could let them do things they shouldn't be able to do, like install...
7.8
Adobe InDesign allows malicious files to run code on your computer
CVE-2026-27291
Adobe InDesign versions 20.5.2 and earlier have a security flaw that lets hackers write malicious code to your computer if you open a bad file. This requires you to open the file yourself, so it's not...
7.8
Adobe InDesign: Open malicious file to execute code as the user
CVE-2026-27284
Adobe InDesign versions 20.5.2 and earlier are at risk if a user opens a specially crafted file. This could allow an attacker to run malicious code on the user's computer. To protect yourself, make su...
7.8
InDesign: Opening a malicious file can run bad code on your computer
CVE-2026-27283
If you use InDesign Desktop versions 20.5.2 or earlier, opening a malicious file could let an attacker run code on your computer with your user permissions. This could potentially lead to unauthorized...
7.8
Adobe InDesign: Opening Malicious Files Can Crash App or Run Malware
CVE-2026-27238
Adobe InDesign versions 20.5.2 and earlier are vulnerable to a security issue that could cause the app to crash or run malicious code on your computer if you open a poisoned file. This means you could...
7.8
Deno runtime ignores 'deny-read' flag when combined with 'allow-read'
JLSEC-2026-109
A specific combination of flags in Deno's command line interface can allow more access than intended, potentially allowing a program to read files it shouldn't be able to. This issue affects users who...
7.8
Axios Leaks Custom Authentication Headers to Cross-Domain Redirect Targets
GHSA-r4q5-vmmm-2653
If you use Axios to send requests to a server and that server redirects you to a different site, sensitive information like API keys or authentication tokens may be sent to the new site. This is a sec...
7.8
GraphQL PHP: Malicious Query Can Cause Excessive CPU Usage
GHSA-68jq-c3rv-pcrr
A specific type of malicious GraphQL query can cause a GraphQL PHP application to become unresponsive due to excessive CPU usage. This occurs when a query contains many repeated fields with the same n...
7.8
WWBN AVideo has a SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
GHSA-j432-4w3j-3w8j
The `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain short-circuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` to bypass all SS...
7.7