|
121
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements…
New
|
CWE-94
Code Injection
|
CVE-2026-27760
|
2026-04-29 00:16 |
2026-04-29 |
|
|
|
|
122
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime upda…
New
|
CWE-295 CWE-296 CWE-494
Improper Certificate Validation Improper Following of a Certificate's Chain of Trust Download of Code Without Integrity Check
|
CVE-2025-10539
|
2026-04-29 00:16 |
2026-04-28 |
|
|
|
|
123
|
9.4 |
CRITICAL
Network
|
-
|
-
|
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
New
|
CWE-89
SQL Injection
|
CVE-2024-46636
|
2026-04-29 00:16 |
2026-04-28 |
|
|
|
|
124
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php.
New
|
CWE-89
SQL Injection
|
CVE-2021-36438
|
2026-04-29 00:16 |
2026-04-28 |
|
|
|
|
125
|
8.1 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOB reads parsing symlink error response
When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message()
r…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31613
|
2026-04-29 00:13 |
2026-04-25 |
|
|
|
|
126
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usbip: validate number_of_packets in usbip_pack_ret_submit()
When a USB/IP client receives a RET_SUBMIT response,
usbip_pack_ret_…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31607
|
2026-04-29 00:11 |
2026-04-25 |
|
|
|
|
127
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
l2cap_ecred_data_rcv() reads the SDU le…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31512
|
2026-04-29 00:08 |
2026-04-22 |
|
|
|
|
128
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix wildcard bind conflict check when using hash2
When binding a udp_sock to a local address and port, UDP uses
two hashes (…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31503
|
2026-04-29 00:07 |
2026-04-22 |
|
|
|
|
129
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: fix fanout UAF in packet_release() via NETDEV_UP race
`packet_release()` has a race window where `NETDEV_UP` can re-register…
Update
|
CWE-416
Use After Free
|
CVE-2026-31504
|
2026-04-29 00:07 |
2026-04-22 |
|
|
|
|
130
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the
v…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31505
|
2026-04-29 00:06 |
2026-04-22 |
|
|
|