|
1391
|
7.5 |
HIGH
Network
|
apache
|
log4j
|
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-34480
|
2026-04-25 03:21 |
2026-04-11 |
|
|
|
|
1392
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: fix locking for bcm_op runtime updates
Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates")
added a…
|
CWE-667
Improper Locking
|
CVE-2026-23362
|
2026-04-25 03:21 |
2026-03-25 |
|
|
|
|
1393
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: fix locking for bcm_op runtime updates
Commit c2aba69d0c36 ('can: bcm: add…
|
CWE-667
Improper Locking
|
CVE-2026-23362
|
2026-04-25 03:21 |
2026-03-25 |
|
|
|
|
1394
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code dereferences 't'
after it has…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
|
|
|
|
1395
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
|
|
|
|
1396
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace …
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
|
|
|
|
1397
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
When FEAT_LPA2 is enabled, bits 8-9 of…
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
|
|
|
|
1398
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …
|
CWE-284 CWE-285
Improper Access Control Improper Authorization
|
CVE-2025-67259
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
1399
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5506
|
2026-04-25 03:15 |
2026-04-8 |
|
|
|
|
1400
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5508
|
2026-04-25 03:15 |
2026-04-8 |
|
|
|