|
2711
|
8.8 |
HIGH
Network
|
mathjs
|
mathjs
|
Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be a…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-40897
|
2026-04-27 23:47 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2712
|
4.3 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-31956
|
2026-04-27 23:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2713
|
4.9 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31955
|
2026-04-27 23:43 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2714
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 …
|
CWE-79
Cross-site Scripting
|
CVE-2026-31953
|
2026-04-27 23:43 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2715
|
3.3 |
LOW
Local
|
chainguard
|
melange
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `me…
|
CWE-22
Path Traversal
|
CVE-2026-29051
|
2026-04-27 23:42 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2716
|
8.1 |
HIGH
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API rou…
|
CWE-89
CWE-184
SQL Injection
Incomplete Blacklist
|
CVE-2026-31952
|
2026-04-27 23:33 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2717
|
6.1 |
MEDIUM
Local
|
chainguard
|
melange
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for exampl…
|
CWE-22
Path Traversal
|
CVE-2026-29050
|
2026-04-27 23:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2718
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
HID: alps: fix NULL pointer dereference in alps_raw_event()
Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event
…
|
-
|
CVE-2026-31625
|
2026-04-27 23:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2719
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: em28xx: fix use-after-free in em28xx_v4l2_open()
em28xx_v4l2_open() reads dev->v4l2 without holding dev->lock,
creating a …
|
-
|
CVE-2026-31583
|
2026-04-27 23:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2720
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: 6fire: fix use-after-free on disconnect
In usb6fire_chip_abort(), the chip struct is allocated as the card's
private data (…
|
-
|
CVE-2026-31581
|
2026-04-27 23:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
