| 191 | 8.8 | HIGH | Network | - | - | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workfl… | New | CWE-94 (Code Injection), CWE-95 (Eval Injection) | CVE-2026-40316 | 2026-04-18 00:38 | 2026-04-16 |
| 192 | 8.2 | HIGH | Network | - | - | maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search … | New | CWE-90 (LDAP Injection) | CVE-2026-40193 | 2026-04-18 00:38 | 2026-04-16 |
| 193 | 8.8 | HIGH | Network | - | - | OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient… | New | CWE-862 (Missing Authorization) | CVE-2026-40502 | 2026-04-18 00:38 | 2026-04-16 |
| 194 | 6.5 | MEDIUM | Network | - | - | OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /mem… | New | CWE-22 (Path Traversal) | CVE-2026-40503 | 2026-04-18 00:38 | 2026-04-16 |
| 195 | 9.3 | CRITICAL | Local | - | - | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | New | CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) | CVE-2026-40959 | 2026-04-18 00:38 | 2026-04-16 |
| 196 | 8.1 | HIGH | Local | - | - | Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re… | New | CWE-670 (Always-Incorrect Control Flow Implementation) | CVE-2026-40960 | 2026-04-18 00:38 | 2026-04-16 |
| 197 | 7.5 | HIGH | Network | - | - | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repo… | New | CWE-200 (Information Exposure), CWE-202 (Exposure of Sensitive Information Through Data Queries), CWE-209 (Information Exposure Through an Error Message) | CVE-2026-40245 | 2026-04-18 00:38 | 2026-04-16 |
| 198 | 9.8 | CRITICAL | Network | - | - | Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li… | New | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-40504 | 2026-04-18 00:38 | 2026-04-16 |
| 199 | 4.9 | MEDIUM | Local | - | - | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | New | CWE-190 (Integer Overflow or Wraparound) | CVE-2026-40962 | 2026-04-18 00:38 | 2026-04-16 |
| 200 | 7.4 | HIGH | Local | - | - | radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release… | New | CWE-78 (OS Command) | CVE-2026-41015 | 2026-04-18 00:38 | 2026-04-16 |