|
881
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users…
New
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-40542
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
7.5 |
HIGH
Network
|
-
|
-
|
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6022
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
8.1 |
HIGH
Network
|
-
|
-
|
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the c…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-6023
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
2.5 |
LOW
Local
|
-
|
-
|
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-6842
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application …
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6843
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6844
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially c…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-6845
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker c…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-6846
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33256
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33257
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
