|
1851
|
7.5 |
HIGH
Network
|
-
|
-
|
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a …
|
-
|
CVE-2026-32283
|
2026-04-14 04:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1852
|
6.4 |
MEDIUM
Local
|
-
|
-
|
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. …
|
-
|
CVE-2026-32282
|
2026-04-14 04:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1853
|
7.5 |
HIGH
Network
|
-
|
-
|
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This on…
|
-
|
CVE-2026-32281
|
2026-04-14 04:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1854
|
7.1 |
HIGH
Local
|
-
|
-
|
The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves…
|
-
|
CVE-2026-27144
|
2026-04-14 04:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1855
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading …
|
-
|
CVE-2026-27143
|
2026-04-14 04:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1856
|
6.5 |
MEDIUM
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3…
|
CWE-22
Path Traversal
|
CVE-2026-34750
|
2026-04-14 04:15 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1857
|
5.4 |
MEDIUM
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the authentication flow. Under certain condi…
|
CWE-352
Origin Validation Error
|
CVE-2026-34749
|
2026-04-14 04:13 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1858
|
8.7 |
HIGH
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An aut…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34748
|
2026-04-14 04:13 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1859
|
7.8 |
HIGH
Local
|
microsoft
|
office
visual_basic_for_applications
visual_basic_for_applications_sdk
|
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic…
|
NVD-CWE-Other
CWE-426
Untrusted Search Path
|
CVE-2012-1854
|
2026-04-14 04:00 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1860
|
7.8 |
HIGH
Local
|
microsoft
|
office
visual_basic_for_applications
visual_basic_for_applications_sdk
|
Vulnerabilidad de búsqueda de ruta no confiable ("Untrusted search path") en VBE6.dll en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Microsoft Visual Basic para Applications (VBA)…
|
NVD-CWE-Other
CWE-426
Untrusted Search Path
|
CVE-2012-1854
|
2026-04-14 04:00 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
