|
5221
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: rfkill: prevent unlimited numbers of rfkill events from being created
Userspace can create an unlimited number of rfkill eve…
|
NVD-CWE-noinfo
|
CVE-2026-31670
|
2026-04-28 05:10 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5222
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: clear trailing padding in build_polexpire()
build_expire() clears the trailing padding bytes of struct
xfrm_user_expire aft…
|
NVD-CWE-noinfo
|
CVE-2026-31664
|
2026-04-28 04:59 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5223
|
9.1 |
CRITICAL
Network
|
microsoft
|
asp.net_core
|
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-40372
|
2026-04-28 04:57 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5224
|
3.7 |
LOW
Network
|
bacnetstack
|
bacnet_stack
|
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes …
|
CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
CVE-2026-40279
|
2026-04-28 04:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5225
|
6.8 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40574
|
2026-04-28 04:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5226
|
7.5 |
HIGH
Network
|
ransomlook
|
ransomlook
|
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web…
|
CWE-200
Information Exposure
|
CVE-2026-40584
|
2026-04-28 04:47 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5227
|
9.0 |
CRITICAL
Network
|
craftycontrol
|
crafty_controller
|
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5652
|
2026-04-28 04:47 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5228
|
4.8 |
MEDIUM
Network
|
pyload-ng_project
|
pyload-ng
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwa…
|
CWE-346
Origin Validation Error
|
CVE-2026-40594
|
2026-04-28 04:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5229
|
5.6 |
MEDIUM
Local
|
home-assistant-ecosystem
|
home_assistant_command-line_interface
|
The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates inste…
|
CWE-94
CWE-1336
Code Injection
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-40602
|
2026-04-28 04:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5230
|
5.5 |
MEDIUM
Local
|
dayuanjiang
|
next_ai_draw.io
|
Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40608
|
2026-04-28 04:41 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
