| 91 | 7.8 | HIGH Local | - | - | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) … | New | CWE-123 Write-what-where Condition | CVE-2026-41952 | 2026-04-30 00:16 | 2026-04-30 |
| 92 | 7.8 | HIGH Local | - | - | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) … | New | CWE-787 Out-of-bounds Write | CVE-2026-41220 | 2026-04-30 00:16 | 2026-04-30 |
| 93 | - | | - | - | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlyin… | New | - | CVE-2026-38992 | 2026-04-30 00:16 | 2026-04-30 |
| 94 | - | | - | - | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | New | - | CVE-2026-36841 | 2026-04-30 00:16 | 2026-04-30 |
| 95 | 6.7 | MEDIUM Local | - | - | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | New | CWE-427 Uncontrolled Search Path Element | CVE-2026-25852 | 2026-04-30 00:16 | 2026-04-30 |
| 96 | 3.1 | LOW Network | - | - | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the ap… | New | CWE-524 Use of Cache Containing Sensitive Information | CVE-2026-22741 | 2026-04-30 00:16 | 2026-04-29 |
| 97 | 6.5 | MEDIUM Network | - | - | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully pr… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-22740 | 2026-04-30 00:16 | 2026-04-29 |
| 98 | 9.8 | CRITICAL Network | pipecat | pipecat | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an opti… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2025-62373 | 2026-04-30 00:00 | 2026-04-24 |
| 99 | 6.1 | MEDIUM Network | cure53 | dompurify | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TA… | Update | CWE-79 Cross-site Scripting; CWE-183 Permissive List of Allowed Inputs | CVE-2026-41240 | 2026-04-29 23:58 | 2026-04-24 |
| 100 | 9.8 | CRITICAL Network | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c… | Update | CWE-416 Use After Free | CVE-2026-31533 | 2026-04-29 23:51 | 2026-04-24 |