|
1071
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to…
|
CWE-562
|
CVE-2026-26399
|
2026-04-23 06:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
7.4 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestam…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-40585
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
7.5 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed w…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-40586
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
8.1 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's exis…
|
CWE-620
Unverified Password Change
|
CVE-2026-40588
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
6.5 |
MEDIUM
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-40587
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
4.1 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeS…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40566
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
5.8 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-40567
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
- |
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any auth…
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-40570
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
8.5 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization funct…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-40568
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
9.0 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionInco…
|
CWE-284
CWE-915
Improper Access Control
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-40569
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
