Security Vulnerabilities - CVEs Published In April 2026
iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it.
A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-04-30
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution
CVSS Score
8.8
EPSS Score
0.001
Published
2026-04-30
FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
CVSS Score
8.7
EPSS Score
0.0
Published
2026-04-30
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30
Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-30