|
161
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-32217
|
2026-04-20 23:34 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2022_23h2
windows_server_2025
|
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-32218
|
2026-04-20 23:33 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
7.0 |
HIGH
Local
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Update
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2026-32219
|
2026-04-20 23:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
5.1 |
MEDIUM
Local
|
-
|
-
|
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
New
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2026-6654
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serv…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6649
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
- |
|
-
|
-
|
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sen…
New
|
CWE-306
CWE-732
Missing Authentication for Critical Function
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-6369
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applian…
New
|
CWE-77
Command Injection
|
CVE-2026-4048
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Loa…
New
|
CWE-77
Command Injection
|
CVE-2026-3519
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applia…
New
|
CWE-77
Command Injection
|
CVE-2026-3518
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Lo…
New
|
CWE-77
Command Injection
|
CVE-2026-3517
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
