Total
620 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23079 | 2026-04-15 | 6.2 Medium | ||
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-53432 | 1 Point Cloud Library | 1 Pcl | 2026-04-15 | 7.5 High |
| While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files. | ||||
| CVE-2025-58354 | 1 Katacontainers | 1 Kata-containers | 2026-04-15 | 7.1 High |
| Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0. | ||||
| CVE-2025-24303 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-04-15 | 7.8 High |
| Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22848 | 2026-04-15 | 3.5 Low | ||
| Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-37372 | 2026-04-15 | 3.6 Low | ||
| The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | ||||
| CVE-2025-64342 | 1 Espressif | 1 Esp-idf | 2026-04-15 | N/A |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly report a connection event to the host, which can cause the application layer to assume that the device has successfully established a connection. This issue has been fixed in versions 5.5.2, 5.4.3, 5.3.5, 5.2.6, and 5.1.7. At time of publication versions 5.5.2, 5.3.5, and 5.1.7 have not been released but are fixed respectively in commits 3b95b50, e3d7042, and 75967b5. | ||||
| CVE-2024-38355 | 2026-04-15 | 7.3 High | ||
| Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors. | ||||
| CVE-2023-28910 | 2026-04-15 | 8 High | ||
| A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2025-4619 | 1 Palo Alto Networks | 1 Pan-os | 2026-04-15 | N/A |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process. | ||||
| CVE-2024-34694 | 1 Lnbits | 1 Lnbits | 2026-04-15 | 8.1 High |
| LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. This vulnerability is fixed in 0.12.6. | ||||
| CVE-2025-54427 | 1 Polkadot | 1 Frontier | 2026-04-15 | N/A |
| Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which includes the check_inherent call. This allows other nodes to verify if the input (in this case, the target value) is correct. However, prior to commit a754b3d, the check_inherent function has not been implemented for note_min_gas_price_target. This lets the block producer set the target value without verification. The target is then used to set the MinGasPrice, which has an upper and lower bound defined in the on_initialize hook. The block producer can set the target to the upper bound. Which also increases the upper and lower bounds for the next block. Over time, this could result in continuously raising the gas price, making contract execution too expensive and ineffective for users. An attacker could use this flaw to manipulate the gas price, potentially leading to significantly inflated transaction fees. Such manipulation could render contract execution prohibitively expensive for users, effectively resulting in a denial-of-service condition for the network. This is fixed in version a754b3d. | ||||
| CVE-2025-61668 | 1 Plone | 1 Volto | 2026-04-15 | N/A |
| Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6. | ||||
| CVE-2025-4675 | 1 Abb | 2 Webpro Snmp Card Powervalue, Webpro Snmp Card Powervalue Ul | 2026-04-15 | 6.5 Medium |
| Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | ||||
| CVE-2024-34360 | 2026-04-15 | 8.2 High | ||
| go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier (but not the latest) ATX as previous breaks this protocol rule and can serve as an attack vector where Nodes are rewarded for holding their PoST data for less than one epoch but still being eligible for rewards. This vulnerability is fixed in go-spacemesh 1.5.2-hotfix1 and Spacemesh API 1.37.1. | ||||
| CVE-2025-20093 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-04-15 | 8.2 High |
| Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-8175 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 15 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. | ||||
| CVE-2024-52504 | 1 Siemens | 1 Siprotec 4 | 2026-04-15 | 7.5 High |
| A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted. | ||||
| CVE-2025-35992 | 1 Intel | 1 Npu Drivers | 2026-04-15 | 4.7 Medium |
| Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-33030 | 1 Intel | 1 Npu Drivers | 2026-04-15 | 3.3 Low |
| Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||