| 91 | - | | - | - | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This al… (New) | CWE-787 (Out-of-bounds Write), CWE-823 (Use of Out-of-range Pointer Offset) | CVE-2026-41907 | 2026-04-25 04:17 | 2026-04-25 |
| 92 | - | | - | - | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundan… (New) | CWE-22 (Path Traversal) | CVE-2026-41894 | 2026-04-25 04:17 | 2026-04-25 |
| 93 | 7.6 | HIGH Network | - | - | 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbit… (New) | CWE-22 (Path Traversal) | CVE-2026-41419 | 2026-04-25 04:17 | 2026-04-25 |
| 94 | 5.3 | MEDIUM Network | - | - | 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint (POST /api/access-tokens). … (New) | CWE-208 (Information Exposure Through Timing Discrepancy) | CVE-2026-41418 | 2026-04-25 04:17 | 2026-04-25 |
| 95 | - | | - | - | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymm… (New) | CWE-190 (Integer Overflow or Wraparound) | CVE-2026-41416 | 2026-04-25 04:17 | 2026-04-25 |
| 96 | - | | - | - | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod… (New) | CWE-125 (Out-of-bounds Read) | CVE-2026-41415 | 2026-04-25 04:17 | 2026-04-25 |
| 97 | 7.4 | HIGH Network | - | - | Skim is a fuzzy finder designed to search through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with … (New) | CWE-94 (Code Injection) | CVE-2026-41414 | 2026-04-25 04:17 | 2026-04-25 |
| 98 | 9.1 | CRITICAL Network | - | - | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the … (New) | CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) | CVE-2026-41327 | 2026-04-25 04:17 | 2026-04-25 |
| 99 | - | | - | - | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFil… (New) | CWE-61 (UNIX Symbolic Link (Symlink) Following) | CVE-2026-41326 | 2026-04-25 04:17 | 2026-04-25 |
| 100 | 7.5 | HIGH Network | - | - | Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds… (New) | CWE-190 (Integer Overflow or Wraparound) | CVE-2026-33666 | 2026-04-25 04:17 | 2026-04-25 |