|
41
|
6.5 |
MEDIUM
Network
|
apache
|
thrift
|
Out-of-bounds Read vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41607
|
2026-04-29 03:39 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
7.5 |
HIGH
Network
|
apache
|
thrift
|
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-41636
|
2026-04-29 03:38 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
9.8 |
CRITICAL
Network
|
apache
|
pony_mail
|
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.
This issue affects all …
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-41873
|
2026-04-29 03:37 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
7.5 |
HIGH
Network
|
nds-association
|
zserio
|
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up t…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-33524
|
2026-04-29 03:33 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix NULL dereference on notify error path
Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier
reg…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31544
|
2026-04-29 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
7.5 |
HIGH
Network
|
nds-association
|
zserio
|
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33666
|
2026-04-29 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
9.1 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the …
Update
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41327
|
2026-04-29 03:31 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
9.1 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the …
Update
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41328
|
2026-04-29 03:31 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
9.1 |
CRITICAL
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41415
|
2026-04-29 03:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
7.5 |
HIGH
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymm…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41416
|
2026-04-29 03:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
