|
611
|
7.1 |
HIGH
Network
|
-
|
-
|
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-m…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-30459
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
7.5 |
HIGH
Network
|
-
|
-
|
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the i…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-30656
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile…
|
CWE-863
Incorrect Authorization
|
CVE-2026-24749
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
- |
|
-
|
-
|
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The z…
|
CWE-120
CWE-131
Classic Buffer Overflow
Incorrect Calculation of Buffer Size
|
CVE-2026-27820
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
7.3 |
HIGH
Local
|
-
|
-
|
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-41082
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
8.3 |
HIGH
Network
|
-
|
-
|
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding spec…
|
CWE-1286
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-6442
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-34164
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
- |
|
-
|
-
|
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocat…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-35469
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
- |
|
-
|
-
|
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks int…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-39313
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
- |
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI…
|
CWE-285
Improper Authorization
|
CVE-2026-40246
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
