|
3871
|
9.1 |
CRITICAL
Network
|
openssl
|
openssl
|
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher block…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-28386
|
2026-04-25 03:28 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3872
|
7.5 |
HIGH
Network
|
apache
|
log4j
|
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-34481
|
2026-04-25 03:24 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3873
|
7.5 |
HIGH
Network
|
apache
|
log4j
|
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-34480
|
2026-04-25 03:21 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3874
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: fix locking for bcm_op runtime updates
Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates")
added a…
|
CWE-667
Improper Locking
|
CVE-2026-23362
|
2026-04-25 03:21 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3875
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
can: bcm: corregir el bloqueo para las actualizaciones en tiempo de ejecución de bcm_op
El commit c2aba69d0c36 ('can: bcm: añadi…
|
CWE-667
Improper Locking
|
CVE-2026-23362
|
2026-04-25 03:21 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3876
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code dereferences 't'
after it has…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3877
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
crypto: ccp - Corrección de uso después de liberación en la ruta de error
En la ruta de error de sev_tsm_init_locked(), el códig…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3878
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace …
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3879
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
arm64: gcs: No establecer PTE_SHARED en mapeos GCS si FEAT_LPA2 está habilitado
Cuando FEAT_LPA2 está habilitado, los bits 8-9 d…
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3880
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …
|
CWE-284
CWE-285
Improper Access Control
Improper Authorization
|
CVE-2025-67259
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
