Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2403 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 4.3 MEDIUM |
| CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | |||||
| CVE-2026-6839 | 2026-04-22 | N/A | 6.6 MEDIUM | ||
| Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0. | |||||
| CVE-2010-3904 | 6 Canonical, Linux, Opensuse and 3 more | 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more | 2026-04-21 | 7.2 HIGH | 7.8 HIGH |
| The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | |||||
| CVE-2026-41285 | 2026-04-21 | N/A | 4.3 MEDIUM | ||
| In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero. | |||||
| CVE-2025-3756 | 2026-04-17 | N/A | 6.5 MEDIUM | ||
| A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3. | |||||
| CVE-2024-30516 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27. | |||||
| CVE-2023-20582 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | |||||
| CVE-2025-54515 | 2026-04-15 | N/A | N/A | ||
| The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state. | |||||
| CVE-2025-5257 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable. MitigationMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later. | |||||
| CVE-2024-21953 | 2026-04-15 | N/A | N/A | ||
| Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | |||||
| CVE-2023-20508 | 2026-04-15 | N/A | 5.0 MEDIUM | ||
| Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. | |||||
| CVE-2025-9316 | 2026-04-15 | N/A | N/A | ||
| N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4. | |||||
| CVE-2025-3511 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, CC-Link IE TSN Master/Local Station Communication LSI CP610, MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module, MELSEC iQ-F Series FX5 Ethernet Module, and MELSEC iQ-F Series FX5-ENET/IP Ethernet Module allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets. | |||||
| CVE-2025-49292 | 2026-04-15 | N/A | N/A | ||
| Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8. | |||||
| CVE-2025-48507 | 2026-04-15 | N/A | N/A | ||
| The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC. | |||||
| CVE-2021-47818 | 2026-04-15 | N/A | 7.5 HIGH | ||
| DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. | |||||
| CVE-2024-30527 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. | |||||
| CVE-2024-7316 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | |||||
| CVE-2025-10933 | 2026-04-15 | N/A | N/A | ||
| An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads. | |||||
| CVE-2025-58835 | 2026-04-15 | N/A | N/A | ||
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6. | |||||