|
81
|
5.2 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function read…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40339
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
5.2 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40338
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
5.1 |
MEDIUM
Local
|
-
|
-
|
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task…
New
|
CWE-283
Unverified Ownership
|
CVE-2026-40337
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
2.4 |
LOW
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a se…
New
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-40336
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
5.2 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and I…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40335
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
3.5 |
LOW
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The functi…
New
|
CWE-170
Improper Null Termination
|
CVE-2026-40334
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
6.1 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40333
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A c…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40324
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
- |
|
-
|
-
|
SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 re…
New
|
CWE-345
CWE-354
Insufficient Verification of Data Authenticity
Improper Validation of Integrity Check Value
|
CVE-2026-40323
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.5 |
HIGH
Network
|
-
|
-
|
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…
New
|
CWE-200
Information Exposure
|
CVE-2026-2262
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
