Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-46683 1 Linux 1 Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock before checking the fence state. But if we have already dropped the queue ref, then the lock might already be freed as part of the queue, leading to uaf. To prevent this, move the fence lock into the fence itself so we don't run into lifetime issues. Alternative might be to have device level lock, or only release the queue in the fence release callback, however that might require pushing to another worker to avoid locking issues. References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020 (cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)
CVE-2024-44986 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.
CVE-2024-44977 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)
CVE-2024-44974 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-09 7.8 High
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with.
CVE-2026-35567 1 Churchcrm 1 Churchcrm 2026-04-09 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-39327 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.
CVE-2026-39398 2026-04-09 N/A
The affected product and advisory are not public.
CVE-2025-66523 2 Foxit, Foxitsoftware 2 Esign, Na1.foxitesign.foxit.com 2026-04-09 6.1 Medium
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
CVE-2018-25116 2 Jamiesage123, Mybb 2 Mybb Thread Redirect Plugin, Thread Redirect 2026-04-09 6.1 Medium
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
CVE-2018-25132 2 Mybb, Zainali99 2 Trending Widget, Mybb Trending Widget Plugin 2026-04-09 6.1 Medium
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
CVE-2021-47905 2 Mybb, Vintagedaddyo 2 Delete Account, Mybb Delete Account Plugin 2026-04-09 6.1 Medium
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.
CVE-2026-20993 1 Samsung 2 Assistant, Samsung Assistant 2026-04-09 5.5 Medium
Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
CVE-2026-21000 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21001 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21002 1 Samsung 1 Galaxy Store 2026-04-09 5.5 Medium
Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
CVE-2026-4319 2 Carmelo, Code-projects 2 Simple Food Order System, Simple Food Order System 2026-04-09 7.3 High
A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-32763 2 Kysely, Kysely-org 2 Kysely, Kysely 2026-04-09 8.2 High
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled values from `.key()` and `.at()` directly into single-quoted JSON path string literals (`'$.key'`) without escaping single quotes. An attacker can break out of the JSON path string context and inject arbitrary SQL. This is inconsistent with `sanitizeIdentifier()`, which properly doubles delimiter characters for identifiers — both are non-parameterizable SQL constructs requiring manual escaping, but only identifiers are protected. Version 0.28.12 fixes the issue.
CVE-2026-32888 1 Opensourcepos 2 Open Source Point Of Sale, Opensourcepos 2026-04-09 8.8 High
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom filter), user-supplied input from the search GET parameter is interpolated directly into a HAVING clause without parameterization or sanitization. This allows an authenticated attacker with basic item search permissions to execute arbitrary SQL queries. A patch did not exist at the time of publication.
CVE-2026-32933 1 Luckypennysoftware 1 Automapper 2026-04-09 7.5 High
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a `StackOverflowException` and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue.
CVE-2026-32768 1 Ctfer-io 1 Chall-manager 2026-04-09 9.9 Critical
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.
CVE-2026-4626 1 Projectworlds 2 Leave Management System, Online Lawyer Management System 2026-04-09 3.5 Low
A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.