| 971 | 6.1 | MEDIUM Local | - | - | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | CWE-125 Out-of-bounds Read | CVE-2026-33822 | 2026-04-18 00:10 | 2026-04-15 |
| 972 | 9.8 | CRITICAL Network | - | - | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | CWE-415 Double Free | CVE-2026-33824 | 2026-04-18 00:10 | 2026-04-15 |
| 973 | 8.0 | HIGH Adjacent | - | - | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | CWE-20 Improper Input Validation | CVE-2026-33826 | 2026-04-18 00:10 | 2026-04-15 |
| 974 | 8.1 | HIGH Network | - | - | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | CWE-362 Race Condition | CVE-2026-33827 | 2026-04-18 00:10 | 2026-04-15 |
| 975 | 2.7 | LOW Network | - | - | Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Connected Wo… | CWE-862 Missing Authorization | CVE-2026-27769 | 2026-04-18 00:09 | 2026-04-15 |
| 976 | 6.8 | MEDIUM Network | - | - | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's au… | CWE-352 Origin Validation Error | CVE-2026-28741 | 2026-04-18 00:09 | 2026-04-15 |
| 977 | - | | - | - | @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This al… | CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax | CVE-2026-33805 | 2026-04-18 00:09 | 2026-04-15 |
| 978 | 6.5 | MEDIUM Network | - | - | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with a… | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-3590 | 2026-04-18 00:09 | 2026-04-15 |
| 979 | 7.1 | HIGH Local | - | - | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardwar… | CWE-59 Link Following | CVE-2026-0827 | 2026-04-18 00:09 | 2026-04-15 |
| 980 | 6.7 | MEDIUM Local | - | - | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. | CWE-427 Uncontrolled Search Path Element | CVE-2026-1636 | 2026-04-18 00:09 | 2026-04-15 |