|
4841
|
8.8 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix OOB write in QUERY_INFO for compound requests
When a compound request such as READ + QUERY_INFO(Security) is received,…
|
-
|
CVE-2026-31432
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4842
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the assoc…
|
-
|
CVE-2026-31431
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4843
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: skb: fix cross-cache free of KFENCE-allocated skb head
SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2
va…
|
-
|
CVE-2026-31429
|
2026-04-27 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4844
|
6.3 |
MEDIUM
Network
|
apache
|
dolphinscheduler
|
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module.
This issue affects Apache DolphinScheduler:
Version >= 3.2.0 and < 3.3.1.
Attackers who can access the Maste…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-62233
|
2026-04-27 22:45 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4845
|
6.6 |
MEDIUM
Local
|
saurabh-kumar
|
python-dotenv
|
python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewri…
|
CWE-59
CWE-61
Link Following
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-28684
|
2026-04-27 22:44 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4846
|
8.1 |
HIGH
Network
|
apache
|
dolphinscheduler
|
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution…
|
CWE-863
Incorrect Authorization
|
CVE-2026-23902
|
2026-04-27 22:42 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4847
|
6.1 |
MEDIUM
Network
|
astro
|
astro
|
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <sc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41067
|
2026-04-27 22:41 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4848
|
5.4 |
MEDIUM
Adjacent
|
openprinting
|
cups
|
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP bac…
|
CWE-125
CWE-200
Out-of-bounds Read
Information Exposure
|
CVE-2026-41079
|
2026-04-27 22:40 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4849
|
6.6 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file …
|
CWE-78
OS Command
|
CVE-2026-41411
|
2026-04-27 22:39 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4850
|
9.8 |
CRITICAL
Network
|
oracle
|
advanced_inbound_telephony
|
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily explo…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-34275
|
2026-04-27 22:09 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
