Medium
CVSS: 5.1
Yayın: 2026-04-03 15:16:06
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was con…
High
CVSS: 7.5
Yayın: 2026-04-03 15:16:05
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file
High
CVSS: 8.3
Yayın: 2026-04-03 15:16:04
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the se…
Unknown
CVSS: -
Yayın: 2026-04-03 15:16:04
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and us…
Unknown
CVSS: -
Yayın: 2026-04-03 15:16:03
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Dire…
Medium
CVSS: 5.1
Yayın: 2026-04-03 14:16:33
A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remot…
Medium
CVSS: 4.3
Yayın: 2026-04-03 14:16:29
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone p…
High
CVSS: 8.1
Yayın: 2026-04-03 14:16:29
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which i…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
The logicvc_drm_config_parse() function calls of_get_child_by_name() to
find the "layers" node but fails t…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix ID register initialization for non-protected pKVM guests
In protected mode, the hypervisor maintains a separate instance of
the `kvm` structure for each VM. For non…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Validate command buffer payload count
The count field in the command header is used to determine the valid
payload size. Verify that the valid payload does not excee…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
btrfs: free pages on error in btrfs_uring_read_extent()
In this function the 'pages' object is never freed in the hopes that it is
picked up by btrfs_uring_read_finished() whenever…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ
handler") introduces a range check…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/configfs: Free ctx_restore_mid_bb in release
ctx_restore_mid_bb memory is allocated in wa_bb_store(), but
xe_config_device_release() only frees ctx_restore_post_bb.
Free ct…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:28
In the Linux kernel, the following vulnerability has been resolved:
wifi: wlcore: Fix a locking bug
Make sure that wl->mutex is locked before it is unlocked. This has been
detected by the Clang thread-safety analyzer.
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:27
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Fix circular locking dependency in rds_tcp_tune
syzbot reported a circular locking dependency in rds_tcp_tune() where
sk_net_refcnt_upgrade() is called while holding the s…
Unknown
CVSS: -
Yayın: 2026-04-03 14:16:27
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/reg_sr: Fix leak on xa_store failure
Free the newly allocated entry when xa_store() fails to avoid a memory
leak on the error path.
v2: use goto fail_free. (Bala)
(cherry…
High
CVSS: 7.3
Yayın: 2026-04-03 13:17:07
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
Medium
CVSS: 5.3
Yayın: 2026-04-03 12:16:19
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to lau…
High
CVSS: 7.3
Yayın: 2026-04-03 12:16:19
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.