|
4291
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
The verify_dfa() function only checks DEFAULT_TABLE bounds wh…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-23407
|
2026-04-25 01:38 |
2026-04-1 |
|
4292
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"
This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1.
…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-23369
|
2026-04-25 01:38 |
2026-03-25 |
|
4293
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
set_new_password() hex dumps the entire buffer, which conta…
|
NVD-CWE-noinfo
|
CVE-2026-23370
|
2026-04-25 01:37 |
2026-03-25 |
|
4294
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
set_new_password() hex dumps…
|
NVD-CWE-noinfo
|
CVE-2026-23370
|
2026-04-25 01:37 |
2026-03-25 |
|
4295
|
8.3 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain co…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41271
|
2026-04-25 01:37 |
2026-04-24 |
|
4296
|
7.1 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Sid…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41272
|
2026-04-25 01:37 |
2026-04-24 |
|
4297
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID c…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4966
|
2026-04-25 01:36 |
2026-03-28 |
|
4298
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The…
|
CWE-352 CWE-862
Origin Validation Error Missing Authorization
|
CVE-2026-4968
|
2026-04-25 01:36 |
2026-03-28 |
|
4299
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the a…
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2026-4969
|
2026-04-25 01:36 |
2026-03-28 |
|
4300
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argu…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4970
|
2026-04-25 01:36 |
2026-03-28 |
|