|
341
|
8.8 |
HIGH
Network
|
-
|
-
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workfl…
New
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-40316
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
8.2 |
HIGH
Network
|
-
|
-
|
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search …
New
|
CWE-90
LDAP Injection
|
CVE-2026-40193
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
7.5 |
HIGH
Network
|
-
|
-
|
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repo…
New
|
CWE-200
CWE-202
CWE-209
Information Exposure
Exposure of Sensitive Information Through Data Queries
Information Exposure Through an Error Message
|
CVE-2026-40245
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
9.3 |
CRITICAL
Local
|
-
|
-
|
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-40959
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
8.1 |
HIGH
Local
|
-
|
-
|
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re…
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-40960
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-40504
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
4.9 |
MEDIUM
Local
|
-
|
-
|
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40962
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
7.4 |
HIGH
Local
|
-
|
-
|
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release…
New
|
CWE-78
OS Command
|
CVE-2026-41015
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
8.8 |
HIGH
Local
|
-
|
-
|
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6348
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
- |
|
-
|
-
|
The
iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
New
|
CWE-78
OS Command
|
CVE-2026-6349
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
