|
3221
|
- |
|
-
|
-
|
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-35225
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3222
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that i…
|
CWE-306 CWE-441
Missing Authentication for Critical Function; Confused Deputy
|
CVE-2026-23751
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3223
|
- |
|
-
|
-
|
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code executi…
|
CWE-59
Link Following
|
CVE-2026-33694
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3224
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies fr…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41173
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3225
|
- |
|
-
|
-
|
A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-6074
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3226
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTT…
|
CWE-125 CWE-191
Out-of-bounds Read; Integer Underflow (Wrap or Wraparound)
|
CVE-2026-28525
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3227
|
- |
|
-
|
-
|
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an att…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6375
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3228
|
- |
|
-
|
-
|
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This re…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6376
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3229
|
9.8 |
CRITICAL
Network
|
-
|
-
|
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26210
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|
|
3230
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execut…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41274
|
2026-04-24 23:50 |
2026-04-24 |
|
|
|