|
2881
|
7.6 |
HIGH
Network
|
-
|
-
|
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbit…
|
CWE-22
Path Traversal
|
CVE-2026-41419
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2882
|
- |
|
-
|
-
|
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This al…
|
CWE-787
CWE-823
Out-of-bounds Write
Use of Out-of-range Pointer Offset
|
CVE-2026-41907
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2883
|
- |
|
-
|
-
|
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invok…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41427
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2884
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41429
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2885
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker contr…
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-41433
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2886
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6966
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2887
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TU…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-6967
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2888
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute…
|
CWE-22
Path Traversal
|
CVE-2026-6968
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2889
|
7.8 |
HIGH
Local
|
-
|
-
|
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTe…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-42171
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2890
|
4.0 |
MEDIUM
Network
|
-
|
-
|
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2026-42254
|
2026-04-28 03:57 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
