|
401
|
6.8 |
MEDIUM
Local
|
-
|
-
|
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but n…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40253
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
6.1 |
MEDIUM
Network
|
-
|
-
|
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions pr…
New
|
CWE-601
Open Redirect
|
CVE-2026-40255
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
8.1 |
HIGH
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts pub…
New
|
CWE-285
Improper Authorization
|
CVE-2026-40259
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
9.0 |
CRITICAL
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-40322
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
- |
|
-
|
-
|
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can cra…
New
|
CWE-776
XML Entity Expansion
|
CVE-2026-40260
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTM…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40922
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
- |
|
-
|
-
|
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service att…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-6482
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
5.5 |
MEDIUM
Local
|
-
|
-
|
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party impl…
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-70795
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
- |
|
-
|
-
|
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP …
New
|
CWE-90
LDAP Injection
|
CVE-2026-40459
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
- |
|
-
|
-
|
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site requ…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-40458
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
