| 3131 | 9.8 | CRITICAL | Network | weaver | e-cology | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows att… | CWE-306 Missing Authentication for Critical Function | CVE-2026-22679 | 2026-04-25 00:31 | 2026-04-7 |
| 3132 | 5.4 | MEDIUM | Network | papra | papra | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. … | CWE-79 CWE-80 Cross-site Scripting Basic XSS | CVE-2026-35460 | 2026-04-25 00:31 | 2026-04-8 |
| 3133 | 4.3 | MEDIUM | Network | papra | papra | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no valida… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-35461 | 2026-04-25 00:29 | 2026-04-8 |
| 3134 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh,… | CWE-415 Double Free | CVE-2026-23408 | 2026-04-25 00:24 | 2026-04-1 |
| 3135 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent thi… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-23409 | 2026-04-25 00:23 | 2026-04-1 |
| 3136 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata… | CWE-362 Race Condition | CVE-2026-23410 | 2026-04-25 00:23 | 2026-04-1 |
| 3137 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after… | CWE-362 Race Condition | CVE-2026-23411 | 2026-04-25 00:23 | 2026-04-1 |
| 3138 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping h… | CWE-416 Use After Free | CVE-2026-23412 | 2026-04-25 00:23 | 2026-04-2 |
| 3139 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback… | CWE-416 Use After Free | CVE-2026-23413 | 2026-04-25 00:22 | 2026-04-2 |
| 3140 | 4.3 | MEDIUM | Network | papra | papra | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — … | CWE-613 Insufficient Session Expiration | CVE-2026-35462 | 2026-04-25 00:22 | 2026-04-8 |