|
621
|
- |
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId…
|
CWE-285
CWE-636
Improper Authorization
Not Failing Securely ('Failing Open')
|
CVE-2026-40247
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2024-58343
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
623
|
8.6 |
HIGH
Network
|
-
|
-
|
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions …
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-22734
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
- |
|
-
|
-
|
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can cra…
|
CWE-776
XML Entity Expansion
|
CVE-2026-40260
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
- |
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/pol…
|
CWE-636
CWE-754
Not Failing Securely ('Failing Open')
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-40249
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
- |
|
-
|
-
|
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied argument…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40308
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
6.8 |
MEDIUM
Local
|
-
|
-
|
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but n…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40253
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
6.1 |
MEDIUM
Network
|
-
|
-
|
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions pr…
|
CWE-601
Open Redirect
|
CVE-2026-40255
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
- |
|
-
|
-
|
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service att…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-6482
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
5.5 |
MEDIUM
Local
|
-
|
-
|
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party impl…
|
CWE-269
Improper Privilege Management
|
CVE-2025-70795
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
