Common Vulnerabilities and Exposures (CVE)

CVE-2026-34580

Apr 9, 2026 03:56:10 UTC

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the...

CVE-2026-34765

Apr 9, 2026 03:56:09 UTC

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly ...

CVE-2026-34078

Apr 9, 2026 03:56:08 UTC

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the r...

CVE-2026-28387

Apr 9, 2026 03:56:06 UTC

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary:...

CVE-2026-31789

Apr 9, 2026 03:56:04 UTC

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled co...

CVE-2026-4788

Apr 9, 2026 03:56:00 UTC

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

CVE-2026-1346

Apr 9, 2026 03:55:59 UTC

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a lo...

CVE-2026-27140

Apr 9, 2026 03:55:58 UTC

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CVE-2026-27102

Apr 9, 2026 03:55:56 UTC

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabil...

CVE-2026-28261

Apr 9, 2026 03:55:55 UTC

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local acc...

CVE-2026-1340

Apr 9, 2026 03:55:54 UTC

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CVE-2026-5839

Apr 9, 2026 03:45:14 UTC

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack m...

CVE-2026-5838

Apr 9, 2026 03:30:14 UTC

A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be ini...

CVE-2026-5742

Apr 9, 2026 03:25:58 UTC

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering use...

CVE-2026-4336

Apr 9, 2026 03:25:57 UTC

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode() on post_content during renderin...