Total
13164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0014 | 1 Google | 1 Android | 2026-04-16 | 6.2 Medium |
| In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0015 | 1 Google | 1 Android | 2026-04-16 | 6.2 Medium |
| In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0034 | 1 Google | 1 Android | 2026-04-16 | 8.4 High |
| In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-62455 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-16 | 7.8 High |
| Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64666 | 1 Microsoft | 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more | 2026-04-16 | 7.5 High |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-62571 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 7.8 High |
| Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-3204 | 1 Devolutions | 2 Devolutions Server, Server | 2026-04-16 | 9.8 Critical |
| Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL. | ||||
| CVE-2026-27443 | 1 Seppmail | 2 Seppmail, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers. | ||||
| CVE-2016-8624 | 2 Haxx, Redhat | 3 Curl, Jboss Core Services, Rhel Software Collections | 2026-04-16 | N/A |
| curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. | ||||
| CVE-2026-20020 | 1 Cisco | 2 Adaptive Security Appliance Software, Secure Firewall Threat Defense | 2026-04-16 | 6.8 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2026-29791 | 2 Agentgateway, Lfprojects | 2 Agentgateway, Agentgateway | 2026-04-16 | 4.9 Medium |
| Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in version 0.12.0. | ||||
| CVE-2026-20812 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-04-16 | 6.5 Medium |
| Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network. | ||||
| CVE-2026-20856 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-04-16 | 8.1 High |
| Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-24733 | 2 Apache, Apache Tomcat | 2 Tomcat, Apache Tomcat | 2026-04-16 | 6.5 Medium |
| Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue. | ||||
| CVE-2026-24734 | 2 Apache, Apache Tomcat | 3 Tomcat, Tomcat Native, Apache Tomcat | 2026-04-16 | 7.4 High |
| Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue. | ||||
| CVE-2026-3288 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-16 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2026-26310 | 1 Envoyproxy | 1 Envoy | 2026-04-16 | 5.9 Medium |
| Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13. | ||||
| CVE-2026-21229 | 1 Microsoft | 1 Power Bi Report Server | 2026-04-16 | 8 High |
| Improper input validation in Power BI allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-20627 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-04-16 | 5.5 Medium |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2026-04-16 | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | ||||