Common Vulnerabilities and Exposures (CVE)

CVE-2026-23427

Apr 3, 2026 15:15:14 UTC

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection w...

CVE-2025-59711

Apr 3, 2026 15:12:37 UTC

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication f...

CVE-2026-26477

Apr 3, 2026 15:04:29 UTC

An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file

CVE-2026-25747

Apr 3, 2026 14:58:54 UTC

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without appl...

CVE-2026-25773

Apr 3, 2026 14:57:00 UTC

** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id fiel...

CVE-2026-28736

Apr 3, 2026 14:54:37 UTC

** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a st...

CVE-2026-5452

Apr 3, 2026 14:45:11 UTC

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded crypto...

CVE-2026-5457

Apr 3, 2026 14:44:45 UTC

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.age...

CVE-2026-34832

Apr 3, 2026 14:43:14 UTC

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback po...

CVE-2026-34760

Apr 3, 2026 14:42:34 UTC

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 speci...

CVE-2026-30252

Apr 3, 2026 14:40:38 UTC

Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted UR...

CVE-2025-59710

Apr 3, 2026 14:39:54 UTC

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the serv...

CVE-2025-59709

Apr 3, 2026 14:39:38 UTC

An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service...

CVE-2026-30251

Apr 3, 2026 14:39:19 UTC

A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL ...

CVE-2026-35549

Apr 3, 2026 14:34:04 UTC

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large...