|
5231
|
8.1 |
HIGH
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno c…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2026-40868
|
2026-04-28 04:41 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5232
|
9.9 |
CRITICAL
Network
|
microsoft
|
azure_iot_central
|
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
|
CWE-200
Information Exposure
|
CVE-2026-21515
|
2026-04-28 04:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5233
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting…
|
CWE-284
Improper Access Control
|
CVE-2026-40888
|
2026-04-28 04:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5234
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Ver…
|
CWE-284
Improper Access Control
|
CVE-2026-40889
|
2026-04-28 04:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5235
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, al…
|
CWE-89
SQL Injection
|
CVE-2026-41320
|
2026-04-28 04:38 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5236
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41312
|
2026-04-28 04:31 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5237
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a…
|
CWE-834
Excessive Iteration
|
CVE-2026-41313
|
2026-04-28 04:30 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5238
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41314
|
2026-04-28 04:29 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5239
|
9.1 |
CRITICAL
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabl…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-40575
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5240
|
8.2 |
HIGH
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-41059
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
