Total: 342645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21372 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | ||||
| CVE-2026-21373 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21374 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21375 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21376 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21378 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21380 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. | ||||
| CVE-2026-21381 | | | 2026-04-06 | 7.6 High |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||||
| CVE-2026-21382 | | | 2026-04-06 | 7.8 High |
| Memory Corruption when handling power management requests with improperly sized input/output buffers. | ||||
| CVE-2026-5549 | 1 Tenda | 1 AC10 Firmware | 2026-04-06 | 5.3 Medium |
| A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of a hard-coded cryptographic key. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-66483 | 1 IBM | 1 Aspera Shares | 2026-04-06 | 6.3 Medium |
| IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2026-5554 | | | 2026-04-06 | 7.3 High |
| A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of the argument searching results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5559 | | | 2026-04-06 | 6.3 Medium |
| A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-5564 | 1 Code-projects | 1 Simple Laundry System | 2026-04-06 | 7.3 High |
| A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5569 | | | 2026-04-06 | 7.3 High |
| A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed remotely. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-34402 | | | 2026-04-06 | 8.1 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-based blind SQL injection vulnerability in the PropertyAssign.php endpoint to exfiltrate or modify any database content, including user credentials, personally identifiable information (PII), and configuration secrets. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-5574 | | | 2026-04-06 | 6.5 Medium |
| A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5704 | 1 Redhat | 1 Enterprise Linux | 2026-04-06 | 5 Medium |
| A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. | ||||
| CVE-2026-5666 | | | 2026-04-06 | 5.3 Medium |
| A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5665 | | | 2026-04-06 | 7.3 High |
| A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||