5.7
CVE-2026-23653 - GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
7.8
CVE-2026-20930 - Windows Management Services Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
4.9
CVE-2026-22692 - October CMS: Twig Sandbox Bypass via Collection Methods
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authβ¦
7.8
CVE-2026-27284 - InDesign Desktop | Out-of-bounds Read (CWE-125)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the currentβ¦
5.5
CVE-2026-27285 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires useβ¦
5.5
CVE-2026-27286 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction inβ¦
7.8
CVE-2026-27283 - InDesign Desktop | Use After Free (CWE-416)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-27238 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-27291 - InDesign Desktop | Out-of-bounds Write (CWE-787)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.6
CVE-2026-34622 - Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollβ¦
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of tβ¦