| 311 | 9.8 | CRITICAL Network | - | - | SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo… New | CWE-89 SQL Injection | CVE-2026-41460 | 2026-04-24 23:50 | 2026-04-24 |
| 312 | 8.5 | HIGH Network | - | - | SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41461 | 2026-04-24 23:50 | 2026-04-24 |
| 313 | - | | - | - | Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. New | - | CVE-2025-50229 | 2026-04-24 23:50 | 2026-04-24 |
| 314 | 9.8 | CRITICAL Network | - | - | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an opti… New | CWE-502 Deserialization of Untrusted Data | CVE-2025-62373 | 2026-04-24 23:50 | 2026-04-24 |
| 315 | 9.8 | CRITICAL Network | - | - | Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that i… New | CWE-306 Missing Authentication for Critical Function, CWE-441 Confused Deputy | CVE-2026-23751 | 2026-04-24 23:50 | 2026-04-24 |
| 316 | - | | - | - | This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code executi… New | CWE-59 Link Following | CVE-2026-33694 | 2026-04-24 23:50 | 2026-04-24 |
| 317 | 7.7 | HIGH Network | - | - | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() fun… New | CWE-129 Improper Validation of Array Index | CVE-2026-40886 | 2026-04-24 23:50 | 2026-04-24 |
| 318 | 5.3 | MEDIUM Network | - | - | OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, the implementation details of the baggage, … New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-40894 | 2026-04-24 23:50 | 2026-04-24 |
| 319 | 5.9 | MEDIUM Network | - | - | OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on … New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41078 | 2026-04-24 23:50 | 2026-04-24 |
| 320 | 5.9 | MEDIUM Network | - | - | The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies fr… New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41173 | 2026-04-24 23:50 | 2026-04-24 |