NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-26151	Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.	2026-04-14	7.1	NETWORK	HIGH	NVD
CVE-2026-26149	Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over ...	2026-04-14	9.0	NETWORK	CRITICAL	NVD
CVE-2026-26143	Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.	2026-04-14	7.8	LOCAL	HIGH	NVD
CVE-2026-25184	Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an a...	2026-04-14	7.0	LOCAL	HIGH	NVD
CVE-2026-24907	October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnera...	2026-04-14	5.1	NETWORK	MEDIUM	NVD
CVE-2026-24906	October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnera...	2026-04-14	5.1	NETWORK	MEDIUM	NVD
CVE-2026-23670	Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locall...	2026-04-14	5.7	LOCAL	MEDIUM	NVD
CVE-2026-23666	Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.	2026-04-14	7.5	NETWORK	HIGH	NVD
CVE-2026-23657	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.	2026-04-14	7.8	LOCAL	HIGH	NVD
CVE-2026-23653	Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized atta...	2026-04-14	5.7	NETWORK	MEDIUM	NVD
CVE-2026-21331	Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convi...	2026-04-14	6.1	NETWORK	MEDIUM	NVD
CVE-2026-20945	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to p...	2026-04-14	4.6	NETWORK	MEDIUM	NVD
CVE-2026-20930	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attack...	2026-04-14	7.8	LOCAL	HIGH	NVD
CVE-2026-20928	Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a...	2026-04-14	4.6	PHYSICAL	MEDIUM	NVD
CVE-2026-20806	Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.	2026-04-14	5.5	LOCAL	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.