| 771 | - | | - | - | In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but… (New) | - | CVE-2026-31532 | 2026-04-24 01:17 | 2026-04-23 |
| 772 | 8.8 | HIGH Network | dolibarr | dolibarr_erp/crm | In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restri… (New) | CWE-94 CWE-284 (Code Injection, Improper Access Control) | CVE-2026-31018 | 2026-04-24 01:15 | 2026-04-22 |
| 773 | 8.8 | HIGH Network | dolibarr | dolibarr_erp/crm | In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated … (New) | CWE-78 (OS Command) | CVE-2026-31019 | 2026-04-24 01:10 | 2026-04-22 |
| 774 | 8.8 | HIGH Network | pjsip | pjsip | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validati… (New) | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-40614 | 2026-04-24 01:09 | 2026-04-22 |
| 775 | 6.5 | MEDIUM Network | decidim | decidim | Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject an… (New) | CWE-266 (Incorrect Privilege Assignment) | CVE-2026-40869 | 2026-04-24 01:08 | 2026-04-22 |
| 776 | 9.8 | CRITICAL Network | pjsip | pjsip | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed dige… (New) | CWE-121 (Stack-based Buffer Overflow) | CVE-2026-40892 | 2026-04-24 01:07 | 2026-04-22 |
| 777 | 8.1 | HIGH Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-… (New) | CWE-942 (Permissive Cross-domain Policy with Untrusted Domains) | CVE-2026-41056 | 2026-04-24 01:05 | 2026-04-22 |
| 778 | 5.3 | MEDIUM Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities wh… (New) | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-41055 | 2026-04-24 00:59 | 2026-04-22 |
| 779 | 7.5 | HIGH Network | follow-redirects_project | follow-redirects | follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redire… (New) | CWE-200 NVD-CWE-noinfo (Information Exposure) | CVE-2026-40895 | 2026-04-24 00:54 | 2026-04-22 |
| 780 | 5.4 | MEDIUM Network | docmost | docmost | Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on … (New) | CWE-79 (Cross-site Scripting) | CVE-2026-40927 | 2026-04-24 00:50 | 2026-04-22 |