|
71
|
6.1 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40333
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A c…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40324
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
- |
|
-
|
-
|
SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 re…
New
|
CWE-345
CWE-354
Insufficient Verification of Data Authenticity
Improper Validation of Integrity Check Value
|
CVE-2026-40323
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
7.5 |
HIGH
Network
|
-
|
-
|
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…
New
|
CWE-200
Information Exposure
|
CVE-2026-2262
|
2026-04-18 09:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-5250
|
2026-04-18 08:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without chec…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-40486
|
2026-04-18 08:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
- |
|
-
|
-
|
monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe sig…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40481
|
2026-04-18 08:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a us…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40479
|
2026-04-18 08:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2434
|
2026-04-18 08:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
- |
|
-
|
-
|
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio…
New
|
CWE-125
CWE-191
Out-of-bounds Read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-5720
|
2026-04-18 07:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
