|
581
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /mem…
|
CWE-22
Path Traversal
|
CVE-2026-40503
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
582
|
7.5 |
HIGH
Network
|
-
|
-
|
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repo…
|
CWE-200
CWE-202
CWE-209
Information Exposure
Exposure of Sensitive Information Through Data Queries
Information Exposure Through an Error Message
|
CVE-2026-40245
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
583
|
9.3 |
CRITICAL
Local
|
-
|
-
|
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-40959
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
584
|
8.1 |
HIGH
Local
|
-
|
-
|
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-40960
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
585
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-40504
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
586
|
4.9 |
MEDIUM
Local
|
-
|
-
|
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40962
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
587
|
7.4 |
HIGH
Local
|
-
|
-
|
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release…
|
CWE-78
OS Command
|
CVE-2026-41015
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
588
|
8.8 |
HIGH
Local
|
-
|
-
|
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6348
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
589
|
- |
|
-
|
-
|
The
iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
|
CWE-78
OS Command
|
CVE-2026-6349
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
590
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6350
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
