| 1401 | 8.8 | HIGH | Network | kubeai | kubeai | KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sp… | CWE-78 OS Command | CVE-2026-34940 | 2026-04-15 05:28 | 2026-04-7 |
| 1402 | 6.1 | MEDIUM | Network | salesforce | workbench | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site script… | CWE-79 Cross-site Scripting | CVE-2026-34951 | 2026-04-15 05:28 | 2026-04-7 |
| 1403 | 8.1 | HIGH | Network | montferret | ferret | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to writ… | CWE-22 Path Traversal; CWE-73 External Control of File Name or Path | CVE-2026-34783 | 2026-04-15 05:28 | 2026-04-7 |
| 1404 | 7.7 | HIGH | Network | openobserve | openobserve | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses bec… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-39361 | 2026-04-15 05:28 | 2026-04-8 |
| 1405 | 5.0 | MEDIUM | Network | linkace | linkace | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read respons… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-35516 | 2026-04-15 05:27 | 2026-04-8 |
| 1406 | 9.8 | CRITICAL | Network | webtechnologies | changedetection | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. … | CWE-863 Incorrect Authorization | CVE-2026-35490 | 2026-04-15 05:27 | 2026-04-8 |
| 1407 | 9.8 | CRITICAL | Network | thecodingmachine | gotenberg | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access … | CWE-1333 Inefficient Regular Expression Complexity | CVE-2026-35458 | 2026-04-15 05:27 | 2026-04-8 |
| 1408 | 7.5 | HIGH | Network | orthanc-server | orthanc | A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value with… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-5440 | 2026-04-15 05:26 | 2026-04-10 |
| 1409 | 7.1 | HIGH | Local | orthanc-server | orthanc | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned … | CWE-787 Out-of-bounds Write | CVE-2026-5444 | 2026-04-15 05:20 | 2026-04-10 |
| 1410 | 9.8 | CRITICAL | Network | orthanc-server | orthanc | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values … | CWE-787 Out-of-bounds Write | CVE-2026-5443 | 2026-04-15 05:19 | 2026-04-10 |