|
5601
|
- |
|
-
|
-
|
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the applic…
|
CWE-603
Use of Client-Side Authentication
|
CVE-2026-40551
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5602
|
- |
|
-
|
-
|
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connecte…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-40550
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5603
|
5.9 |
MEDIUM
Network
|
-
|
-
|
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An un…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-40355
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5604
|
8.8 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
The NFC-A anti-collision cascade in digital_in_recv_sdd_re…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-31622
|
2026-04-28 23:14 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5605
|
4.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
A malicious USB device with the TASCAM US-144MKII device id can hav…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31620
|
2026-04-28 23:11 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5606
|
7.7 |
HIGH
Network
|
argoproj
|
argo_workflows
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() fun…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-40886
|
2026-04-28 23:09 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5607
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: fireworks: bound device-supplied status before string array lookup
The status field in an EFW response is a 32-bit value su…
|
NVD-CWE-noinfo
|
CVE-2026-31619
|
2026-04-28 23:09 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5608
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divid…
|
CWE-369
Divide By Zero
|
CVE-2026-31618
|
2026-04-28 23:07 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5609
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bnge: return after auxiliary_device_uninit() in error path
When auxiliary_device_add() fails, the error block calls
auxiliary_dev…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-31621
|
2026-04-28 23:05 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5610
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
HID: core: clamp report_size in s32ton() to avoid undefined shift
s32ton() shifts by n-1 where n is the field's report_size, a va…
|
NVD-CWE-noinfo
|
CVE-2026-31624
|
2026-04-28 23:02 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
