|
941
|
- |
|
-
|
-
|
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time …
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-40942
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
942
|
6.9 |
MEDIUM
Local
|
-
|
-
|
KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instanc…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-41527
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
943
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40924
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
944
|
7.5 |
HIGH
Network
|
-
|
-
|
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argume…
|
CWE-88
Argument Injection
|
CVE-2026-40938
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
945
|
6.4 |
MEDIUM
Adjacent
|
-
|
-
|
Zero Motorcycles firmware versions 44 and prior enable an attacker to
forcibly pair a device with the motorcycle via Bluetooth. Once paired,
an attacker can utilize over-the-air firmware updating f…
|
CWE-322
Key Exchange without Entity Authentication
|
CVE-2026-1354
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
946
|
8.1 |
HIGH
Network
|
-
|
-
|
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an ab…
|
CWE-22
Path Traversal
|
CVE-2026-6832
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
947
|
- |
|
-
|
-
|
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3307
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
948
|
- |
|
-
|
-
|
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party …
|
CWE-185
Incorrect Regular Expression
|
CVE-2026-4296
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
949
|
- |
|
-
|
-
|
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands…
|
CWE-78
OS Command
|
CVE-2026-4821
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
950
|
- |
|
-
|
-
|
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobil…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-5512
|
2026-04-23 06:23 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
