|
801
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner …
New
|
CWE-1025
Comparison Using Wrong Factors
|
CVE-2026-40880
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra wo…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40881
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
- |
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause a…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-40883
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
9.8 |
CRITICAL
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started w…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40884
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
- |
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global ba…
New
|
CWE-200
Information Exposure
|
CVE-2026-40885
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40888
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Ver…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40889
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
7.5 |
HIGH
Network
|
-
|
-
|
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > charact…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40890
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
9.1 |
CRITICAL
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-40903
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, al…
New
|
CWE-89
SQL Injection
|
CVE-2026-41320
|
2026-04-23 06:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
