|
311
|
9.6 |
CRITICAL
Network
|
-
|
-
|
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply …
Update
|
CWE-20
CWE-22
Improper Input Validation
Path Traversal
|
CVE-2026-39399
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
9.9 |
CRITICAL
Network
|
-
|
-
|
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the serve…
Update
|
CWE-94
CWE-917
Code Injection
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-39842
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
8.1 |
HIGH
Network
|
-
|
-
|
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2025-40897
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
8.9 |
HIGH
Network
|
-
|
-
|
A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-40899
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
8.3 |
HIGH
Network
|
-
|
-
|
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/…
Update
|
CWE-88
Argument Injection
|
CVE-2026-39884
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
6.9 |
MEDIUM
Network
|
-
|
-
|
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as…
Update
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2026-39963
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
7.2 |
HIGH
Network
|
-
|
-
|
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SM…
Update
|
CWE-113
HTTP Response Splitting
|
CVE-2026-39971
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimest…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39984
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
7.1 |
HIGH
Network
|
-
|
-
|
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect docume…
Update
|
CWE-22
Path Traversal
|
CVE-2026-40090
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
- |
|
-
|
-
|
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBl…
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2025-14813
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
