|
381
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a us…
Update
|
CWE-94
Code Injection
|
CVE-2025-61260
|
2026-04-18 00:24 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 …
Update
|
CWE-385
Covert Timing Channel
|
CVE-2025-69893
|
2026-04-18 00:24 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-69993
|
2026-04-18 00:24 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesyst…
Update
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-30480
|
2026-04-18 00:24 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability …
Update
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-31991
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-6231
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks cou…
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2025-3756
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
- |
|
-
|
-
|
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-u…
Update
|
CWE-416
CWE-787
Use After Free
Out-of-bounds Write
|
CVE-2026-6100
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
- |
|
-
|
-
|
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the …
Update
|
CWE-77
Command Injection
|
CVE-2026-4786
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in tim…
Update
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-5086
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
