| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Date (time) | Date |
|---|---|---|---|---|---|---|---|---|---|---|
| 1241 | 7.5 | HIGH | Network | orthanc-server | orthanc | A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed si… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-5439 | 2026-04-16 04:32 | 2026-04-10 |
| 1242 | 7.5 | HIGH | Network | orthanc-server | orthanc | A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-5438 | 2026-04-16 04:31 | 2026-04-10 |
| 1243 | 6.5 | MEDIUM | Network | minio | minio | MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processi… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-39414 | 2026-04-16 04:30 | 2026-04-09 |
| 1244 | 8.8 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers ca… | CWE-648 Incorrect Use of Privileged APIs; CWE-863 Incorrect Authorization | CVE-2026-35645 | 2026-04-16 04:25 | 2026-04-10 |
| 1245 | 6.1 | MEDIUM | Network | circl | ail_framework | AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item pre… | CWE-79 Cross-site Scripting | CVE-2026-39416 | 2026-04-16 04:20 | 2026-04-09 |
| 1246 | 9.1 | CRITICAL | Network | kcp | kcp | kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and… | CWE-302 Authentication Bypass by Assumed-Immutable Data; CWE-862 Missing Authorization | CVE-2026-39429 | 2026-04-16 04:15 | 2026-04-09 |
| 1247 | 7.5 | HIGH | Network | orthanc-server | orthanc | An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocat… | CWE-125 Out-of-bounds Read | CVE-2026-5437 | 2026-04-16 04:14 | 2026-04-10 |
| 1248 | 7.5 | HIGH | Network | zauberzeug | nicegui | NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward slashes (/) as path separators, an attacker can bypass this sanitization on Windows by using backs… | CWE-22 Path Traversal | CVE-2026-39844 | 2026-04-16 04:08 | 2026-04-09 |
| 1249 | 7.1 | HIGH | Network | bugsink | bugsink | Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authenticat… | CWE-20 Improper Input Validation | CVE-2026-40162 | 2026-04-16 04:05 | 2026-04-11 |
| 1250 | 7.5 | HIGH | Network | agentfront, frontmcp | @frontmcp/adapters, @frontmcp/sdk, frontmcp, mcp-from-openapi | FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in Op… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-39885 | 2026-04-16 04:04 | 2026-04-09 |