9.3
CVE-2026-34615 - Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially β¦
9.3
CVE-2026-27243 - Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploβ¦
5.1
CVE-2026-24906 - October CMS has Stored XSS in its Backend Editor Markup Classes
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields (used for paragraph styles, inline styles, table styles, etc.) did not sanitize inpuβ¦
7.8
CVE-2026-34628 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-34629 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-34627 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2026-27258 - DNG SDK | Out-of-bounds Write (CWE-787)
DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requireβ¦
5.5
CVE-2026-32214 - Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
4.3
CVE-2026-33829 - Windows Snipping Tool Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
9.8
CVE-2026-33824 - Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.