Home
Our Services
Free resources
- Privacy Research
  Free to use data privacy research
  Key Capabilities
  Latest privacy news tracking
  Product versions
  Latest privacy news tracking
  Track the latest news, breaches and fines
  Key features
  Tracks the latest breaches and fines
  View by industry
  View by breach method
  View by privacy topic
  Links to original articles
  Free to use
  
  Learn more »
  Latest Threat Intelligence
  Product versions
  Latest Threat Intelligence
  Track the Common Vulnerability Exposures (CVEs)
  Key features
  Tracks the latest vulnerabilities
  View by company
  View by breach method
  Links to NVD
  Free to use
  
  Learn more »
  Breach modelling and ROI calculator
  Product versions
  Breach modelling and ROI calculator
  Model what a breach would look like for you in your industry and use this to calculate your return on investment
  Key features
  Model your breach
  Assess the severity
  Compare by industry
  Breakdown costs
  Export to your business plan
  Free to use
  
  Learn more »
Privacy news
Company
- About Us
- FAQ
- Contact Us

Threat Intelligence

Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2026

CVE-2026-4379 (v3: 6.4) 8 Apr 2026

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in the `[gallery]` shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the `group` attribute value without proper escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2026-2988 (v3: 6.4) 8 Apr 2026

The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2026-5726 (v3: 7.8) 8 Apr 2026

ASDA-Soft Stack-based Buffer Overflow Vulnerability

CVE-2026-1163 (v3: 4.1) 8 Apr 2026

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject requests after a period of inactivity and the excessively long default session duration of 31 days. The vulnerability enables an attacker to maintain persistent access to a compromised account, even after the victim resets their password.

CVE-2026-3499 (v3: 8.8) 8 Apr 2026

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url_to_lower_case, ajax_use_legacy_filters_and_rules, and ajax_fix_duplicate_feed functions. This makes it possible for unauthenticated attackers to trigger feed migration, clear custom-attribute transient caches, rewrite feed file URLs to lowercase, toggle legacy filter and rule settings, and delete duplicated feed posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2026-3296 (v3: 9.8) 8 Apr 2026

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated attackers to inject a serialized PHP object payload through any public Everest Forms form field. The payload survives sanitize_text_field() sanitization (serialization control characters are not stripped) and is stored in the wp_evf_entrymeta database table. When an administrator views entries or views an individual entry, the unsafe unserialize() call processes the stored data without class restrictions.

CVE-2026-33810 8 Apr 2026

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVE-2026-32289 8 Apr 2026

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

CVE-2026-32288 8 Apr 2026

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

CVE-2026-32283 8 Apr 2026

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

CVE-2026-32282 8 Apr 2026

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

CVE-2026-32281 8 Apr 2026

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVE-2026-32280 8 Apr 2026

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

CVE-2026-27144 8 Apr 2026

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

CVE-2026-27143 8 Apr 2026

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

CVE-2026-27140 8 Apr 2026

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CVE-2026-4788 (v3: 8.4) 8 Apr 2026

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

CVE-2026-3357 (v3: 8.8) 8 Apr 2026

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

CVE-2026-1346 (v3: 9.3) 8 Apr 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.

CVE-2026-1343 (v3: 7.2) 8 Apr 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

CVE-2026-5747 (v3: 7.5) 8 Apr 2026

An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.

CVE-2026-4406 (v3: 4.7) 8 Apr 2026

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX action in all versions up to, and including, 2.9.30. This is due to the `GFCommon::send_json()` method outputting JSON-encoded data wrapped in HTML comment delimiters using `echo` and `wp_die()`, which serves the response with a `Content-Type: text/html` header instead of `application/json`. The `wp_json_encode()` function does not HTML-encode angle brackets within JSON string values, allowing injected HTML/script tags in `form_ids` array values to be parsed and executed by the browser. The required `config_nonce` is generated with `wp_create_nonce('gform_config_ajax')` and is publicly embedded on every page that renders a Gravity Forms form, making it identical for all unauthenticated visitors within the same 12-hour nonce tick. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability cannot be exploited against users who are authenticated on the target system, but could be used to alter the target page.

CVE-2026-4401 (v3: 5.4) 8 Apr 2026

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class-dlm-downloads-path.php` in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it possible for unauthenticated attackers to delete, disable, or enable approved download paths via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2026-4394 (v3: 6.1) 8 Apr 2026

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_.4`) in all versions up to, and including, 2.9.30. This is due to the `get_value_entry_detail()` method in the `GF_Field_CreditCard` class outputting the card type value without escaping, combined with `get_value_save_entry()` accepting and storing unsanitized user input for the `input_.4` parameter. The Card Type field is not rendered on the frontend form (it is normally derived from the card number), but the backend submission parser blindly accepts it if included in the POST request. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form entry in the WordPress dashboard.

CVE-2026-2263 (v3: 5.3) 8 Apr 2026

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle_module_converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for unauthenticated attackers to forge conversion tracking events for any Hustle module, including draft modules that are never displayed to users, thereby manipulating marketing analytics and conversion statistics.

CVE-2026-1342 (v3: 8.5) 8 Apr 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CVE-2026-4656 7 Apr 2026

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39936 7 Apr 2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Score Extension.

CVE-2026-39935 7 Apr 2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - CampaignEvents Extension: 1.43.7, 1.44.4, 1.45.2.

CVE-2026-4065 (v3: 5.4) 7 Apr 2026

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not call checkForCap() (which requires unfiltered_html capability), and several controller actions only validate the nonce (validateToken()) without calling validatePermission(). This makes it possible for authenticated attackers, with Contributor-level access and above, to enumerate slider metadata and create, modify, and delete image storage records by obtaining the nextend_nonce exposed on post editor pages.

CVE-2026-39937 7 Apr 2026

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches.

CVE-2026-39934 7 Apr 2026

Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7.

CVE-2026-39933 7 Apr 2026

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS).This issue affects non release branches.

CVE-2026-39847 (v3: 9.1) 7 Apr 2026

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (eg /__emmett__/../rsgi/handlers.py) to read arbitrary files outside the assets directory. This vulnerability is fixed in 2.8.1.

CVE-2026-39846 (v3: 9) 7 Apr 2026

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIsolation disabled, attacker-controlled JavaScript executes with access to Node.js APIs. In practice, an attacker can import a crafted note into a synced workspace, wait for the victim to sync, and achieve code execution when the victim opens the note. This vulnerability is fixed in 3.6.4.

CVE-2026-35568 7 Apr 2026

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. This vulnerability is fixed in 1.0.0.

CVE-2026-35406 (v3: 6.2) 7 Apr 2026

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

CVE-2026-34781 (v3: 2.8) 7 Apr 2026

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.

CVE-2026-34765 (v3: 6) 7 Apr 2026

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive webPreferences (via setWindowOpenHandler's overrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions. Apps are only affected if they open multiple top-level windows with differing trust levels and use setWindowOpenHandler to grant child windows elevated webPreferences such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected. Apps that additionally grant nodeIntegration: true or sandbox: false to child windows (contrary to the security recommendations) may be exposed to arbitrary code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.

CVE-2026-34582 7 Apr 2026

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

CVE-2026-34580 7 Apr 2026

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a trusted root. , This vulnerability is fixed in 3.11.1.

CVE-2026-34371 (v3: 6.3) 7 Apr 2026

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4.

CVE-2026-34079 7 Apr 2026

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.

CVE-2026-34078 7 Apr 2026

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

CVE-2026-31790 7 Apr 2026

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

CVE-2026-31789 7 Apr 2026

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVE-2026-28390 7 Apr 2026

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVE-2026-28389 7 Apr 2026

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVE-2026-28388 7 Apr 2026

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CVE-2026-28387 7 Apr 2026

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.

2025

CVE-2025-14732 (v3: 6.4) 8 Apr 2026

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in all versions up to, and including, 3.35.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-20628 7 Apr 2026

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.

CVE-2025-69515 7 Apr 2026

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

CVE-2025-56015 7 Apr 2026

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.

CVE-2025-14859 7 Apr 2026

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device can exploit this weakness to generate a malicious firmware image with a hash collision, bypassing the secure boot verification mechanism and installing arbitrary unauthorized firmware on the device.

CVE-2025-14858 7 Apr 2026

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.

CVE-2025-14857 7 Apr 2026

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI interface can overwrite stack memory to hijack program control flow and achieve limited arbitrary code execution. However, the impact is limited to the active attack session: the device's secure boot mechanism prevents persistent firmware modification, the crypto engine isolates cryptographic keys from direct firmware access, and all modifications are lost upon device reboot or loss of physical access.

CVE-2025-71058 7 Apr 2026

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inject forged responses and poison the DNS cache, potentially redirecting victims to attacker-controlled destinations.

CVE-2025-70844 7 Apr 2026

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

CVE-2025-14944 (v3: 5.3) 7 Apr 2026

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded tokens which are publicly exposed in the plugin's JavaScript. This makes it possible for unauthenticated attackers to trigger the backup upload queue processing, potentially causing unexpected backup transfers to configured cloud storage targets and resource exhaustion.

CVE-2025-14821 (v3: 7.8) 7 Apr 2026

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.

CVE-2025-52908 7 Apr 2026

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2.

CVE-2025-24819 (v3: 5.7) 7 Apr 2026

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.

CVE-2025-24818 (v3: 8) 7 Apr 2026

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.

CVE-2025-24817 7 Apr 2026

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.

CVE-2025-62818 7 Apr 2026

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI and UDL values when processing an SMS TP-UD packet.

CVE-2025-52909 7 Apr 2026

CVE-2025-39666 7 Apr 2026

Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root.

CVE-2025-15611 (v3: 5.4) 7 Apr 2026

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend.

CVE-2025-65116 (v3: 5.5) 7 Apr 2026

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

CVE-2025-65115 (v3: 8.8) 7 Apr 2026

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

CVE-2025-13044 (v3: 6.2) 7 Apr 2026

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

CVE-2025-13044 (v3: 6.2) 7 Apr 2026

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

CVE-2025-54601 (v3: 7) 6 Apr 2026

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.

CVE-2025-54601 6 Apr 2026

CVE-2025-57834 (v3: 7.5) 6 Apr 2026

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input validation leads to a Denial of Service.

CVE-2025-54602 (v3: 7) 6 Apr 2026

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.

CVE-2025-54328 (v3: 10) 6 Apr 2026

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

CVE-2025-57834 (v3: 7.5) 6 Apr 2026

CVE-2025-54602 (v3: 7) 6 Apr 2026

CVE-2025-54328 (v3: 10) 6 Apr 2026

CVE-2025-58349 (v3: 9.1) 6 Apr 2026

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes.

CVE-2025-54324 (v3: 7.5) 6 Apr 2026

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.

CVE-2025-58349 6 Apr 2026

CVE-2025-54324 6 Apr 2026

CVE-2025-48651 6 Apr 2026

StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899.

CVE-2025-48651 6 Apr 2026

StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899.

CVE-2025-61166 (v3: 6.1) 6 Apr 2026

An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.

CVE-2025-61166 (v3: 6.1) 6 Apr 2026

An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.

CVE-2025-59440 (v3: 7.5) 6 Apr 2026

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service.

CVE-2025-57835 (v3: 7.5) 6 Apr 2026

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message.

CVE-2025-59440 6 Apr 2026

CVE-2025-57835 6 Apr 2026

CVE-2025-47400 (v3: 7.1) 6 Apr 2026

Cryptographic issue while copying data to a destination buffer without validating its size.

CVE-2025-47392 (v3: 8.8) 6 Apr 2026

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

CVE-2025-47400 (v3: 7.1) 6 Apr 2026

Cryptographic issue while copying data to a destination buffer without validating its size.

CVE-2025-47392 (v3: 8.8) 6 Apr 2026

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

CVE-2025-47391 (v3: 7.8) 6 Apr 2026

Memory corruption while processing a frame request from user.

CVE-2025-47390 (v3: 7.8) 6 Apr 2026

Memory corruption while preprocessing IOCTL request in JPEG driver.

CVE-2025-47389 (v3: 7.8) 6 Apr 2026

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

2024

CVE-2024-36058 7 Apr 2026

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.

CVE-2024-36057 7 Apr 2026

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by an attacker and is directly included in a system command, i.e., an attack can occur via malicious filenames after uploading a .zip file and clicking Process Images.

CVE-2024-14032 (v3: 7.8) 6 Apr 2026

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite system files and privileged binaries, achieving full system compromise. Twitch Studio was discontinued in May 2024.

CVE-2024-14032 (v3: 7.8) 6 Apr 2026

CVE-2024-14033 (v3: 7.5) 2 Apr 2026

Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.

CVE-2024-14033 (v3: 7.5) 2 Apr 2026

CVE-2024-14034 (v3: 9.8) 2 Apr 2026

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.

CVE-2024-14034 (v3: 9.8) 2 Apr 2026

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44303 (v3: 7.5) 2 Apr 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44286 (v3: 7.5) 2 Apr 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

CVE-2024-44250 (v3: 8.2) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE-2024-44250 (v3: 8.2) 2 Apr 2026

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-44219 (v3: 7.5) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40858 (v3: 7.1) 2 Apr 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVE-2024-40849 (v3: 7.5) 2 Apr 2026

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

CVE-2024-40849 (v3: 7.5) 2 Apr 2026

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

CVE-2024-40849 (v3: 7.5) 2 Apr 2026

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

CVE-2024-40849 (v3: 7.5) 2 Apr 2026

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

2023

CVE-2023-7343 (v3: 7.8) 2 Apr 2026

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.

CVE-2023-7343 (v3: 7.8) 2 Apr 2026

CVE-2023-7342 (v3: 8.8) 2 Apr 2026

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.

CVE-2023-7342 (v3: 8.8) 2 Apr 2026

CVE-2023-7340 (v3: 3.5) 27 Mar 2026

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.

CVE-2023-7340 (v3: 3.5) 27 Mar 2026

CVE-2023-7339 (v3: 6.5) 27 Mar 2026

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01.

CVE-2023-7339 (v3: 6.5) 27 Mar 2026

CVE-2023-7338 (v3: 7.5) 26 Mar 2026

Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.

CVE-2023-7338 (v3: 7.5) 26 Mar 2026

CVE-2023-40693 (v3: 5.4) 13 Mar 2026

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2023-40693 (v3: 5.4) 13 Mar 2026

2022

CVE-2022-4987 (v3: 7.3) 3 Apr 2026

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application.

CVE-2022-4987 (v3: 7.3) 3 Apr 2026

CVE-2022-4986 (v3: 7.5) 2 Apr 2026

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.

CVE-2022-4986 (v3: 7.5) 2 Apr 2026

CVE-2022-4977 10 Mar 2026

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2022-4977 10 Mar 2026

CVE-2022-4947 6 Mar 2026

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-32111. Reason: This candidate is a reservation duplicate of CVE-2024-32111. Notes: All CVE users should reference CVE-2024-32111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2022-4947 6 Mar 2026

CVE-2022-41650 (v3: 6.5) 17 Feb 2026

Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.

CVE-2022-41650 (v3: 6.5) 17 Feb 2026

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) 2 Feb 2026

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) 2 Feb 2026

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50979 (v3: 6.5) 2 Feb 2026

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

2021

CVE-2021-4473 (v3: 9.8) 7 Apr 2026

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers can exploit this vulnerability to write malicious PHP files into the web root and achieve remote code execution with the privileges of the web server process. This vulnerability has been fixed in version NACFirmware_4.0.0.7_20210716.180815_topsec_0_basic.bin. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-01 (UTC).

CVE-2021-4477 (v3: 9.1) 3 Apr 2026

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.

CVE-2021-4477 (v3: 9.1) 3 Apr 2026

CVE-2021-4474 (v3: 4.9) 26 Mar 2026

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive information including configuration files, credentials, and system data stored on the device.

CVE-2021-4474 (v3: 4.9) 26 Mar 2026

CVE-2021-35486 (v3: 8.1) 3 Mar 2026

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.

CVE-2021-35486 (v3: 8.1) 3 Mar 2026

CVE-2021-35486 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

CVE-2021-35485 (v3: 8) 3 Mar 2026

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

CVE-2021-35484 (v3: 8.2) 3 Mar 2026

CVE-2021-35483 (v3: 4.1) 3 Mar 2026

CVE-2021-35485 (v3: 8) 3 Mar 2026

2020

CVE-2020-37216 (v3: 7.5) 3 Apr 2026

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.

CVE-2020-37216 (v3: 7.5) 3 Apr 2026

CVE-2020-37167 (v3: 8.4) 12 Feb 2026

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

CVE-2020-37167 (v3: 8.4) 12 Feb 2026

CVE-2020-37167 (v3: 9.8) 12 Feb 2026

ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

CVE-2020-37167 (v3: 9.8) 12 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37215 (v3: 7.5) 11 Feb 2026

CVE-2020-37214 (v3: 7.5) 11 Feb 2026

CVE-2020-37213 (v3: 7.5) 11 Feb 2026

CVE-2020-37212 (v3: 7.5) 11 Feb 2026

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37211 (v3: 7.5) 11 Feb 2026

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37210 (v3: 7.5) 11 Feb 2026

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

CVE-2020-37212 (v3: 7.5) 11 Feb 2026

CVE-2020-37211 (v3: 7.5) 11 Feb 2026

CVE-2020-37210 (v3: 7.5) 11 Feb 2026

2019

CVE-2019-25704 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.

CVE-2019-25702 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.

CVE-2019-25700 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.

CVE-2019-25698 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.

CVE-2019-25696 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.

CVE-2019-25694 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data.

CVE-2019-25704 (v3: 8.2) 5 Apr 2026

CVE-2019-25702 (v3: 8.2) 5 Apr 2026

CVE-2019-25700 (v3: 8.2) 5 Apr 2026

CVE-2019-25698 (v3: 8.2) 5 Apr 2026

CVE-2019-25696 (v3: 8.2) 5 Apr 2026

CVE-2019-25694 (v3: 8.2) 5 Apr 2026

CVE-2019-25704 (v3: 8.2) 5 Apr 2026

CVE-2019-25702 (v3: 8.2) 5 Apr 2026

CVE-2019-25700 (v3: 8.2) 5 Apr 2026

CVE-2019-25698 (v3: 8.2) 5 Apr 2026

CVE-2019-25696 (v3: 8.2) 5 Apr 2026

CVE-2019-25694 (v3: 8.2) 5 Apr 2026

CVE-2019-25692 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.

CVE-2019-25690 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information.

CVE-2019-25688 (v3: 8.2) 5 Apr 2026

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.

CVE-2019-25687 (v3: 9.8) 5 Apr 2026

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.

CVE-2019-25686 (v3: 7.5) 5 Apr 2026

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.

CVE-2019-25685 (v3: 8.8) 5 Apr 2026

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings.

CVE-2019-25692 (v3: 8.2) 5 Apr 2026

CVE-2019-25690 (v3: 8.2) 5 Apr 2026

CVE-2019-25688 (v3: 8.2) 5 Apr 2026

CVE-2019-25687 (v3: 9.8) 5 Apr 2026

CVE-2019-25686 (v3: 7.5) 5 Apr 2026

CVE-2019-25685 (v3: 8.8) 5 Apr 2026

CVE-2019-25692 (v3: 8.2) 5 Apr 2026

CVE-2019-25690 (v3: 8.2) 5 Apr 2026

CVE-2019-25688 (v3: 8.2) 5 Apr 2026

CVE-2019-25687 (v3: 9.8) 5 Apr 2026

CVE-2019-25686 (v3: 7.5) 5 Apr 2026

CVE-2019-25685 (v3: 8.8) 5 Apr 2026

CVE-2019-25684 (v3: 8.2) 5 Apr 2026

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.

CVE-2019-25683 (v3: 6.2) 5 Apr 2026

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.

CVE-2019-25682 (v3: 4.3) 5 Apr 2026

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.

CVE-2019-25681 (v3: 8.4) 5 Apr 2026

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.

CVE-2019-25680 (v3: 8.2) 5 Apr 2026

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.

CVE-2019-25679 (v3: 7.8) 5 Apr 2026

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

CVE-2019-25684 (v3: 8.2) 5 Apr 2026

CVE-2019-25683 (v3: 6.2) 5 Apr 2026

CVE-2019-25682 (v3: 4.3) 5 Apr 2026

CVE-2019-25681 (v3: 8.4) 5 Apr 2026

CVE-2019-25680 (v3: 8.2) 5 Apr 2026

CVE-2019-25679 (v3: 7.8) 5 Apr 2026

CVE-2019-25684 (v3: 8.2) 5 Apr 2026

CVE-2019-25683 (v3: 6.2) 5 Apr 2026

2018

CVE-2018-25256 (v3: 5.5) 5 Apr 2026

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite.

CVE-2018-25256 (v3: 5.5) 5 Apr 2026

CVE-2018-25246 (v3: 7.5) 4 Apr 2026

Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.

CVE-2018-25246 (v3: 7.5) 4 Apr 2026

CVE-2018-25255 (v3: 8.4) 4 Apr 2026

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.

CVE-2018-25254 (v3: 9.8) 4 Apr 2026

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.

CVE-2018-25253 (v3: 6.2) 4 Apr 2026

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.

CVE-2018-25252 (v3: 6.2) 4 Apr 2026

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.

CVE-2018-25251 (v3: 8.4) 4 Apr 2026

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.

CVE-2018-25250 (v3: 7.2) 4 Apr 2026

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page.

CVE-2018-25255 (v3: 8.4) 4 Apr 2026

CVE-2018-25254 (v3: 9.8) 4 Apr 2026

CVE-2018-25253 (v3: 6.2) 4 Apr 2026

CVE-2018-25252 (v3: 6.2) 4 Apr 2026

CVE-2018-25251 (v3: 8.4) 4 Apr 2026

CVE-2018-25250 (v3: 7.2) 4 Apr 2026

CVE-2018-25255 (v3: 8.4) 4 Apr 2026

CVE-2018-25254 (v3: 9.8) 4 Apr 2026

CVE-2018-25253 (v3: 6.2) 4 Apr 2026

CVE-2018-25252 (v3: 6.2) 4 Apr 2026

CVE-2018-25251 (v3: 8.4) 4 Apr 2026

CVE-2018-25250 (v3: 7.2) 4 Apr 2026

CVE-2018-25255 (v3: 8.4) 4 Apr 2026

CVE-2018-25254 (v3: 9.8) 4 Apr 2026

CVE-2018-25253 (v3: 6.2) 4 Apr 2026

CVE-2018-25252 (v3: 6.2) 4 Apr 2026

CVE-2018-25251 (v3: 8.4) 4 Apr 2026

CVE-2018-25250 (v3: 7.2) 4 Apr 2026

CVE-2018-25249 (v3: 6.4) 4 Apr 2026

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit the comment.

CVE-2018-25248 (v3: 7.2) 4 Apr 2026

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators validate the download in downloads.php.

CVE-2018-25247 (v3: 6.1) 4 Apr 2026

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

CVE-2018-25245 (v3: 7.5) 4 Apr 2026

7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.

CVE-2018-25244 (v3: 6.2) 4 Apr 2026

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.

CVE-2018-25249 (v3: 6.4) 4 Apr 2026

CVE-2018-25248 (v3: 7.2) 4 Apr 2026

CVE-2018-25247 (v3: 6.1) 4 Apr 2026

CVE-2018-25245 (v3: 7.5) 4 Apr 2026

CVE-2018-25244 (v3: 6.2) 4 Apr 2026

CVE-2018-25249 (v3: 6.4) 4 Apr 2026

CVE-2018-25248 (v3: 7.2) 4 Apr 2026

CVE-2018-25247 (v3: 6.1) 4 Apr 2026

CVE-2018-25245 (v3: 7.5) 4 Apr 2026

CVE-2018-25244 (v3: 6.2) 4 Apr 2026

CVE-2018-25249 (v3: 6.4) 4 Apr 2026

CVE-2018-25248 (v3: 7.2) 4 Apr 2026

CVE-2018-25247 (v3: 6.1) 4 Apr 2026

CVE-2018-25245 (v3: 7.5) 4 Apr 2026

2017

CVE-2017-20238 (v3: 7.1) 3 Apr 2026

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

CVE-2017-20236 (v3: 9.8) 3 Apr 2026

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

CVE-2017-20235 (v3: 9.1) 3 Apr 2026

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

CVE-2017-20234 (v3: 9.8) 3 Apr 2026

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.

CVE-2017-20238 (v3: 7.1) 3 Apr 2026

CVE-2017-20236 (v3: 9.8) 3 Apr 2026

CVE-2017-20235 (v3: 9.1) 3 Apr 2026

CVE-2017-20234 (v3: 9.8) 3 Apr 2026

CVE-2017-20238 (v3: 7.1) 3 Apr 2026

CVE-2017-20236 (v3: 9.8) 3 Apr 2026

CVE-2017-20235 (v3: 9.1) 3 Apr 2026

CVE-2017-20234 (v3: 9.8) 3 Apr 2026

CVE-2017-20238 (v3: 7.1) 3 Apr 2026

CVE-2017-20236 (v3: 9.8) 3 Apr 2026

CVE-2017-20235 (v3: 9.1) 3 Apr 2026

CVE-2017-20234 (v3: 9.8) 3 Apr 2026

CVE-2017-20238 (v3: 7.1) 3 Apr 2026

CVE-2017-20236 (v3: 9.8) 3 Apr 2026

CVE-2017-20235 (v3: 9.1) 3 Apr 2026

CVE-2017-20234 (v3: 9.8) 3 Apr 2026

CVE-2017-20233 (v3: 5.4) 3 Apr 2026

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.

CVE-2017-20233 (v3: 5.4) 3 Apr 2026

CVE-2017-20237 (v3: 9.8) 3 Apr 2026

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.

CVE-2017-20237 (v3: 9.8) 3 Apr 2026