Total: 182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20293 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller. | |||||
| CVE-2024-21977 | | | 2026-04-15 | N/A | 3.2 LOW |
| Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests. | |||||
| CVE-2024-53881 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. | |||||
| CVE-2025-29934 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. | |||||
| CVE-2024-53869 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2024-36353 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read leftover memory values, potentially leading to loss of confidentiality. | |||||
| CVE-2025-0032 | | | 2026-04-15 | N/A | 7.2 HIGH |
| Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution. | |||||
| CVE-2023-20518 | | | 2026-04-15 | N/A | 1.9 LOW |
| Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. | |||||
| CVE-2025-6338 | | | 2026-04-15 | N/A | N/A |
| There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2. | |||||
| CVE-2025-43711 | | | 2026-04-15 | N/A | 8.1 HIGH |
| Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications. | |||||
| CVE-2026-3304 | 1 Expressjs | 1 Multer | 2026-03-19 | N/A | 7.5 HIGH |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | |||||
| CVE-2026-28268 | 1 Vikunja | 1 Vikunja | 2026-03-06 | N/A | 9.8 CRITICAL |
| Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid forever. This allows an attacker who intercepts a single reset token (via logs, browser history, or phishing) to perform a complete, persistent account takeover at any point in the future, bypassing standard authentication controls. Version 2.1.0 contains a patch for the issue. | |||||
| CVE-2026-28196 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 2.3 LOW |
| In JetBrains TeamCity before 2025.11.3, disabling versioned settings left a credentials config on disk. | |||||
| CVE-2026-21438 | 1 Quic-go | 1 Webtransport-go | 2026-02-19 | N/A | 5.3 MEDIUM |
| webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. This vulnerability is fixed in v0.10.0. | |||||
| CVE-2025-15331 | 1 Tanium | 1 Connect | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an uncontrolled resource consumption vulnerability in Connect. | |||||
| CVE-2025-64775 | 1 Apache | 1 Struts | 2026-01-26 | N/A | 7.5 HIGH |
| Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. | |||||
| CVE-2025-38177 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. | |||||
| CVE-2025-66675 | 1 Apache | 1 Struts | 2025-12-16 | N/A | 8.2 HIGH |
| Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4 | |||||
| CVE-2025-37908 | 1 Linux | 1 Linux Kernel | 2025-11-17 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error, shutdown_mem_profiling() is called: slab->obj_exts which previously allocated remains. It won't be cleared by unaccount_slab() because of mem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts should always be cleaned up in unaccount_slab() to avoid following error: [...]BUG: Bad page state in process... .. [...]page dumped because: page still charged to cgroup [andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user] | |||||
| CVE-2023-41835 | 1 Apache | 1 Struts | 2025-11-04 | N/A | 7.5 HIGH |
| When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue. | |||||
