| 841 | 8.2 | HIGH Network | - | - | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass ad… | New | CWE-276 Incorrect Default Permissions | CVE-2026-6823 | 2026-04-23 06:23 | 2026-04-22 |
| 842 | 8.4 | HIGH Local | - | - | In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by craf… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-40706 | 2026-04-23 06:23 | 2026-04-22 |
| 843 | - | | - | - | The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity … | New | CWE-613 Insufficient Session Expiration | CVE-2026-40939 | 2026-04-23 06:23 | 2026-04-22 |
| 844 | - | | - | - | The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, the OIDC JWKS and Metadata Document caches used an inverted time … | New | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2026-40942 | 2026-04-23 06:23 | 2026-04-22 |
| 845 | 6.9 | MEDIUM Local | - | - | KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instanc… | New | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2026-41527 | 2026-04-23 06:23 | 2026-04-22 |
| 846 | 8.1 | HIGH Network | - | - | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an ab… | New | CWE-22 Path Traversal | CVE-2026-6832 | 2026-04-23 06:23 | 2026-04-22 |
| 847 | 6.5 | MEDIUM Network | - | - | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-40924 | 2026-04-23 06:23 | 2026-04-22 |
| 848 | 7.5 | HIGH Network | - | - | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argume… | New | CWE-88 Argument Injection | CVE-2026-40938 | 2026-04-23 06:23 | 2026-04-22 |
| 849 | 6.4 | MEDIUM Adjacent | - | - | Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating f… | New | CWE-322 Key Exchange without Entity Authentication | CVE-2026-1354 | 2026-04-23 06:23 | 2026-04-22 |
| 850 | - | | - | - | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands… | New | CWE-78 OS Command | CVE-2026-4821 | 2026-04-23 06:23 | 2026-04-22 |