Total
35011 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23896 | 2 Futo, Immich-app | 2 Immich, Immich | 2026-04-15 | 7.2 High |
| immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue. | ||||
| CVE-2026-23222 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too small allocation. Use sizeof(*new_sg) to get the correct object size. | ||||
| CVE-2026-23236 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.3 High |
| In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel. | ||||
| CVE-2026-23229 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well. | ||||
| CVE-2026-23230 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields. | ||||
| CVE-2026-2757 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 9.8 Critical |
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2759 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 10 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2761 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 10 Critical |
| Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2768 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 10 Critical |
| Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2780 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2782 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2790 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 8.8 High |
| Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2634 | 1 Mozilla | 2 Firefox, Firefox For Ios | 2026-04-15 | 9.8 Critical |
| Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4. | ||||
| CVE-2026-2800 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 9.8 Critical |
| Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2803 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 7.5 High |
| Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-2805 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 9.8 Critical |
| Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-3058 | 3 S-sols, Seraphinitesolutions, Wordpress | 3 Seraphinite Accelerator, Seraphinite Accelerator, Wordpress | 2026-04-15 | 4.3 Medium |
| The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state. | ||||
| CVE-2026-26125 | 1 Microsoft | 1 Payment Orchestrator Service | 2026-04-15 | 8.6 High |
| Payment Orchestrator Service Elevation of Privilege Vulnerability | ||||
| CVE-2026-33151 | 1 Socket | 2 Socket.io, Socket.io-parser | 2026-04-15 | 7.5 High |
| Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6. | ||||