Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39323 1 Churchcrm 1 Churchcrm 2026-04-09 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a duplicate of CVE-2026-39326. Notes: All CVE users should reference CVE-2026-39326 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.
CVE-2026-39317 1 Churchcrm 1 Churchcrm 2026-04-09 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a duplicate of CVE-2026-39334. Notes: All CVE users should reference CVE-2026-39334 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.
CVE-2026-35023 1 Cloud Solutions 1 Wimi Teamwork 2026-04-09 4.3 Medium
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.
CVE-2026-34402 1 Churchcrm 1 Churchcrm 2026-04-09 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.
CVE-2012-5562 1 Redhat 2 Network Proxy, Satellite 2026-04-09 8.6 High
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.
CVE-2024-46683 1 Linux 1 Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock before checking the fence state. But if we have already dropped the queue ref, then the lock might already be freed as part of the queue, leading to uaf. To prevent this, move the fence lock into the fence itself so we don't run into lifetime issues. Alternative might be to have device level lock, or only release the queue in the fence release callback, however that might require pushing to another worker to avoid locking issues. References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020 (cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)
CVE-2024-44986 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.
CVE-2024-44977 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)
CVE-2024-44974 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with.
CVE-2026-35567 1 Churchcrm 1 Churchcrm 2026-04-09 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-39327 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.
CVE-2026-39398 2026-04-09 N/A
The affected product and advisory are not public.
CVE-2025-66523 2 Foxit, Foxitsoftware 2 Esign, Na1.foxitesign.foxit.com 2026-04-09 6.1 Medium
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
CVE-2025-57175 1 Siklu 1 Etherhaul 8010 2026-04-09 6.4 Medium
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.
CVE-2018-25116 2 Jamiesage123, Mybb 2 Mybb Thread Redirect Plugin, Thread Redirect 2026-04-09 6.1 Medium
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
CVE-2018-25132 2 Mybb, Zainali99 2 Trending Widget, Mybb Trending Widget Plugin 2026-04-09 6.1 Medium
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
CVE-2021-47905 2 Mybb, Vintagedaddyo 2 Delete Account, Mybb Delete Account Plugin 2026-04-09 6.1 Medium
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.
CVE-2026-20993 1 Samsung 2 Assistant, Samsung Assistant 2026-04-09 5.5 Medium
Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
CVE-2026-21000 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21001 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21002 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.