9
CVE-2026-26149 - Microsoft Power Apps Security Feature Bypass
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.
5.7
CVE-2026-23670 - Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
4.6
CVE-2026-20945 - Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
7
CVE-2026-25184 - Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.
5.7
CVE-2026-23653 - GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
7.8
CVE-2026-20930 - Windows Management Services Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
4.9
CVE-2026-22692 - October CMS: Twig Sandbox Bypass via Collection Methods
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authβ¦
7.8
CVE-2026-27284 - InDesign Desktop | Out-of-bounds Read (CWE-125)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the currentβ¦
5.5
CVE-2026-27285 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires useβ¦
5.5
CVE-2026-27286 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction inβ¦