|
2181
|
8.1 |
HIGH
Network
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
|
CWE-362
Race Condition
|
CVE-2026-33827
|
2026-04-18 00:10 |
2026-04-15 |
|
2182
|
2.7 |
LOW
Network
|
-
|
-
|
Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Connected Wo…
|
CWE-862
Missing Authorization
|
CVE-2026-27769
|
2026-04-18 00:09 |
2026-04-15 |
|
2183
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's au…
|
CWE-352
Origin Validation Error
|
CVE-2026-28741
|
2026-04-18 00:09 |
2026-04-15 |
|
2184
|
- |
|
-
|
-
|
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This al…
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2026-33805
|
2026-04-18 00:09 |
2026-04-15 |
|
2185
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with a…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-3590
|
2026-04-18 00:09 |
2026-04-15 |
|
2186
|
7.1 |
HIGH
Local
|
-
|
-
|
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardwar…
|
CWE-59
Link Following
|
CVE-2026-0827
|
2026-04-18 00:09 |
2026-04-15 |
|
2187
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-1636
|
2026-04-18 00:09 |
2026-04-15 |
|
2188
|
7.3 |
HIGH
Local
|
-
|
-
|
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-4134
|
2026-04-18 00:09 |
2026-04-15 |
|
2189
|
6.6 |
MEDIUM
Local
|
-
|
-
|
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file w…
|
CWE-59
Link Following
|
CVE-2026-4135
|
2026-04-18 00:09 |
2026-04-15 |
|
2190
|
7.8 |
HIGH
Local
|
-
|
-
|
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated p…
|
CWE-88
Argument Injection
|
CVE-2026-4145
|
2026-04-18 00:09 |
2026-04-15 |