|
581
|
4.2 |
MEDIUM
Network
|
-
|
-
|
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the …
New
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-40968
|
2026-04-29 00:16 |
2026-04-29 |
|
582
|
7.5 |
HIGH
Network
|
-
|
-
|
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31256
|
2026-04-29 00:16 |
2026-04-28 |
|
583
|
5.4 |
MEDIUM
Network
|
tenda
|
ac18_firmware
|
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows…
New
|
CWE-77
Command Injection
|
CVE-2026-31255
|
2026-04-29 00:16 |
2026-04-28 |
|
584
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys versions before 2.32.0 and is fixed in v2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without pro…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29971
|
2026-04-29 00:16 |
2026-04-28 |
|
585
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements…
New
|
CWE-94
Code Injection
|
CVE-2026-27760
|
2026-04-29 00:16 |
2026-04-29 |
|
586
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime upda…
New
|
CWE-295 CWE-296 CWE-494
Improper Certificate Validation Improper Following of a Certificate's Chain of Trust Download of Code Without Integrity Check
|
CVE-2025-10539
|
2026-04-29 00:16 |
2026-04-28 |
|
587
|
9.4 |
CRITICAL
Network
|
-
|
-
|
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
New
|
CWE-89
SQL Injection
|
CVE-2024-46636
|
2026-04-29 00:16 |
2026-04-28 |
|
588
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A SQL injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php.
New
|
CWE-89
SQL Injection
|
CVE-2021-36438
|
2026-04-29 00:16 |
2026-04-28 |
|
589
|
8.1 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOB reads parsing symlink error response
When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message()
r…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31613
|
2026-04-29 00:13 |
2026-04-25 |
|
590
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usbip: validate number_of_packets in usbip_pack_ret_submit()
When a USB/IP client receives a RET_SUBMIT response,
usbip_pack_ret_…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31607
|
2026-04-29 00:11 |
2026-04-25 |