| No. | CVSS | Severity | Attack vector | Description | Status | CWE | CVE | Dates |
|---|---|---|---|---|---|---|---|---|
| 241 | - | - | - | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerT… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-40901 | 2026-04-18 00:38 / 2026-04-17 |
| 242 | 4.8 | MEDIUM | Network | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass t… | New | CWE-305 Authentication Bypass by Primary Weakness; CWE-319 Cleartext Transmission of Sensitive Information | CVE-2026-33472 | 2026-04-18 00:38 / 2026-04-17 |
| 243 | 4.9 | MEDIUM | Network | Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox… | New | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2026-34164 | 2026-04-18 00:38 / 2026-04-17 |
| 244 | - | - | - | mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks int… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-39313 | 2026-04-18 00:38 / 2026-04-17 |
| 245 | - | - | - | free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI… | New | CWE-285 Improper Authorization | CVE-2026-40246 | 2026-04-18 00:38 / 2026-04-17 |
| 246 | - | - | - | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId… | New | CWE-285 Improper Authorization; CWE-636 Not Failing Securely ('Failing Open') | CVE-2026-40247 | 2026-04-18 00:38 / 2026-04-17 |
| 247 | - | - | - | spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocat… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-35469 | 2026-04-18 00:38 / 2026-04-17 |
| 248 | 7.5 | HIGH | Network | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack bu… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-40170 | 2026-04-18 00:38 / 2026-04-17 |
| 249 | - | - | - | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether th… | New | CWE-285 Improper Authorization; CWE-636 Not Failing Securely ('Failing Open') | CVE-2026-40248 | 2026-04-18 00:38 / 2026-04-17 |
| 250 | - | - | - | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/pol… | New | CWE-636 Not Failing Securely ('Failing Open'); CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2026-40249 | 2026-04-18 00:38 / 2026-04-17 |