|
631
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-bu…
New
|
CWE-426
Untrusted Search Path
|
CVE-2026-7309
|
2026-04-28 22:19 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-ag…
New
|
CWE-22
Path Traversal
|
CVE-2026-7271
|
2026-04-28 22:19 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
- |
|
-
|
-
|
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate…
Update
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-6043
|
2026-04-28 22:19 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
- |
|
-
|
-
|
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their …
New
|
CWE-285
Improper Authorization
|
CVE-2026-5781
|
2026-04-28 22:19 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
- |
|
-
|
-
|
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authentic…
New
|
CWE-284
Improper Access Control
|
CVE-2026-5780
|
2026-04-28 22:19 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
- |
|
-
|
-
|
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the inf…
New
|
CWE-284
Improper Access Control
|
CVE-2026-5779
|
2026-04-28 22:19 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
8.8 |
HIGH
Network
|
-
|
-
|
The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Con…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-27172
|
2026-04-28 22:18 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-lpspi: fix teardown order issue (UAF)
There is a teardown order issue in the driver. The SPI controller is
registere…
Update
|
CWE-416
Use After Free
|
CVE-2026-31485
|
2026-04-28 22:12 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (pmbus/core) Protect regulator operations with mutex
The regulator operations pmbus_regulator_get_voltage(),
pmbus_regulat…
Update
|
CWE-667
Improper Locking
|
CVE-2026-31486
|
2026-04-28 22:06 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
spi: use generic driver_override infrastructure
When a driver is probed through __driver_attach(), the bus' match()
callback is c…
Update
|
CWE-667
Improper Locking
|
CVE-2026-31487
|
2026-04-28 22:05 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
