Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14688 | 1 Ibm | 1 Db2 | 2026-05-01 | N/A | 5.3 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | |||||
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-01 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | |||||
| CVE-2026-6915 | 2026-04-30 | N/A | 6.3 MEDIUM | ||
| An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account. | |||||
| CVE-2025-32689 | 2026-04-29 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through <= 2.8.2. | |||||
| CVE-2013-0270 | 1 Openstack | 1 Keystone | 2026-04-29 | 5.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system. | |||||
| CVE-2026-3816 | 1 Owasp | 1 Defectdojo | 2026-04-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended. | |||||
| CVE-2026-41677 | 1 Rust-openssl Project | 1 Rust-openssl | 2026-04-28 | N/A | 9.1 CRITICAL |
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78. | |||||
| CVE-2026-1352 | 1 Ibm | 1 Db2 | 2026-04-27 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | |||||
| CVE-2026-6839 | 1 Samsung | 1 One | 2026-04-27 | N/A | 6.6 MEDIUM |
| Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0. | |||||
| CVE-2026-41285 | 1 Openbsd | 1 Openbsd | 2026-04-24 | N/A | 4.3 MEDIUM |
| In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero. | |||||
| CVE-2026-33471 | 1 Nimiq | 1 Nimiq Proof-of-stake | 2026-04-24 | N/A | 9.6 CRITICAL |
| nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` slot during aggregation. This makes it possible for a malicious validator with far fewer than `2f+1` real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available. | |||||
| CVE-2026-40093 | 1 Nimiq | 1 Nimiq Proof-of-stake | 2026-04-24 | N/A | 8.1 HIGH |
| nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule. | |||||
| CVE-2026-25345 | 2026-04-24 | N/A | 9.9 CRITICAL | ||
| Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through <= 3.3.2. | |||||
| CVE-2025-58835 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6. | |||||
| CVE-2025-49292 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing.This issue affects Profile Builder: from n/a through <= 3.13.8. | |||||
| CVE-2009-4488 | 1 Varnish.projects.linpro | 1 Varnish | 2026-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely. | |||||
| CVE-2008-1440 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2026-04-23 | 7.1 HIGH | N/A |
| Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | |||||
| CVE-2008-2374 | 2 Bluez, Fedoraproject | 3 Bluez-libs, Bluez-utils, Fedora | 2026-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. | |||||
| CVE-2026-27384 | 2026-04-22 | N/A | 9.0 CRITICAL | ||
| Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | |||||
| CVE-2026-2403 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 4.3 MEDIUM |
| CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | |||||