Security Vulnerabilities
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-04-13
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.1
EPSS Score
0.0
Published
2026-04-13
UAF vulnerability in the kernel module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-13
Race condition vulnerability in the thermal management module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-04-13
Vulnerability of improper permission control in the theme setting module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-13
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-04-12
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-04-12
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Known exploited
CVSS Score
8.6
EPSS Score
0.061
Published
2026-04-11
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-11
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-04-11