|
151
|
8.3 |
HIGH
Network
|
-
|
-
|
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/…
New
|
CWE-88
Argument Injection
|
CVE-2026-39884
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
6.9 |
MEDIUM
Network
|
-
|
-
|
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as…
New
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2026-39963
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
7.2 |
HIGH
Network
|
-
|
-
|
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SM…
New
|
CWE-113
HTTP Response Splitting
|
CVE-2026-39971
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
- |
|
-
|
-
|
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBl…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2025-14813
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
- |
|
-
|
-
|
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is asso…
New
|
CWE-90
LDAP Injection
|
CVE-2026-0636
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
- |
|
-
|
-
|
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-33808
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimest…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39984
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
7.1 |
HIGH
Network
|
-
|
-
|
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect docume…
New
|
CWE-22
Path Traversal
|
CVE-2026-40090
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
- |
|
-
|
-
|
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is…
New
|
CWE-79
CWE-601
Cross-site Scripting
Open Redirect
|
CVE-2026-40096
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
9.1 |
CRITICAL
Network
|
-
|
-
|
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is register…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-33807
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
