|
421
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an opti…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-62373
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
422
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that i…
New
|
CWE-306
CWE-441
Missing Authentication for Critical Function
Confused Deputy
|
CVE-2026-23751
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
423
|
- |
|
-
|
-
|
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code executi…
New
|
CWE-59
Link Following
|
CVE-2026-33694
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
424
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, …
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-40894
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
425
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41078
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
426
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies fr…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41173
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
427
|
- |
|
-
|
-
|
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is…
New
|
CWE-22
Path Traversal
|
CVE-2026-41205
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
428
|
8.7 |
HIGH
Network
|
-
|
-
|
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41241
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
429
|
8.1 |
HIGH
Network
|
-
|
-
|
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker…
New
|
CWE-94
Code Injection
|
CVE-2026-41246
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
430
|
- |
|
-
|
-
|
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background …
New
|
CWE-78
OS Command
|
CVE-2026-41247
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
