|
611
|
- |
|
-
|
-
|
Improper
access control in the vault documentation feature in Devolutions Server
2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via …
New
|
CWE-862
Missing Authorization
|
CVE-2026-6706
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
8.2 |
HIGH
Network
|
-
|
-
|
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible…
New
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-5944
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
- |
|
-
|
-
|
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an a…
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-40552
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
- |
|
-
|
-
|
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the applic…
New
|
CWE-603
Use of Client-Side Authentication
|
CVE-2026-40551
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
- |
|
-
|
-
|
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connecte…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-40550
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
5.9 |
MEDIUM
Network
|
-
|
-
|
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An un…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-40355
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
6.2 |
MEDIUM
Local
|
-
|
-
|
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication paramete…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-35902
|
2026-04-28 23:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
8.8 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
The NFC-A anti-collision cascade in digital_in_recv_sdd_re…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-31622
|
2026-04-28 23:14 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
4.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
A malicious USB device with the TASCAM US-144MKII device id can hav…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31620
|
2026-04-28 23:11 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
7.7 |
HIGH
Network
|
argoproj
|
argo_workflows
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() fun…
Update
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-40886
|
2026-04-28 23:09 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
