|
2221
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7140
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2222
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7145
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2223
|
4.0 |
MEDIUM
Local
|
gnupg
|
libgcrypt
|
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41990
|
2026-04-28 03:33 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2224
|
6.7 |
MEDIUM
Local
|
gnupg
|
libgcrypt
|
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41989
|
2026-04-28 03:33 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2225
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Exact UNIX diag lookups hold a reference to the socket, but not to
u->path…
|
-
|
CVE-2026-31673
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2226
|
7.1 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS.
rt_mt6() …
|
-
|
CVE-2026-31674
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2227
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_netem: fix out-of-bounds access in packet corruption
In netem_enqueue(), the packet corruption logic uses
get_rand…
|
-
|
CVE-2026-31675
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2228
|
7.5 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: only handle RESPONSE during service challenge
Only process RESPONSE packets while the service connection is still in
RXRPC…
|
-
|
CVE-2026-31676
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2229
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - limit RX SG extraction by receive buffer budget
Make af_alg_get_rsgl() limit each RX scatterlist extraction to t…
|
-
|
CVE-2026-31677
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2230
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release
ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already
detached …
|
-
|
CVE-2026-31678
|
2026-04-28 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
