|
781
|
- |
|
-
|
-
|
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This al…
Update
|
CWE-787
CWE-823
Out-of-bounds Write
Use of Out-of-range Pointer Offset
|
CVE-2026-41907
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
782
|
- |
|
-
|
-
|
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invok…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41427
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
783
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41429
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
784
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker contr…
Update
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-41433
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
785
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold …
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6966
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
786
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TU…
Update
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-6967
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
787
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute…
Update
|
CWE-22
Path Traversal
|
CVE-2026-6968
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
788
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowi…
Update
|
CWE-436
CWE-863
Interpretation Conflict
Incorrect Authorization
|
CVE-2026-41248
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
789
|
7.8 |
HIGH
Local
|
-
|
-
|
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTe…
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-42171
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
790
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation…
Update
|
CWE-404
CWE-835
Improper Resource Shutdown or Release
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-6985
|
2026-04-28 03:57 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
