|
3701
|
2.7 |
LOW
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their tok…
|
CWE-1259
Improper Restriction of Security Token Assignment
|
CVE-2026-40264
|
2026-04-24 22:29 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3702
|
4.9 |
MEDIUM
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use …
|
CWE-89
SQL Injection
|
CVE-2026-39946
|
2026-04-24 22:28 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3703
|
3.1 |
LOW
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` i…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39388
|
2026-04-24 22:27 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3704
|
7.6 |
HIGH
Network
|
openremote
|
openremote
|
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user wh…
|
CWE-611
XXE
|
CVE-2026-40882
|
2026-04-24 22:24 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3705
|
8.3 |
HIGH
Network
|
rustfs
|
rustfs
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions…
|
CWE-862
Missing Authorization
|
CVE-2026-40937
|
2026-04-24 22:12 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3706
|
7.0 |
HIGH
Network
|
openremote
|
openremote
|
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users…
|
CWE-284
Improper Access Control
|
CVE-2026-41166
|
2026-04-24 22:10 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3707
|
5.3 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-ref…
|
CWE-834
Excessive Iteration
|
CVE-2026-41168
|
2026-04-24 22:07 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3708
|
5.9 |
MEDIUM
Network
|
leancrypto
|
leancrypto
|
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to ui…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2026-34610
|
2026-04-24 22:01 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3709
|
7.5 |
HIGH
Network
|
saitoha
|
libsixel
|
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-14072
|
2026-04-24 21:56 |
2018-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3710
|
7.5 |
HIGH
Network
|
saitoha
|
libsixel
|
libsixel 1.8.1 tiene una fuga de memoria en sixel_decoder_decode en decoder.c e image_buffer_resize en fromsixel.c y sixel_decode_raw en fromsixel.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-14072
|
2026-04-24 21:56 |
2018-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
