|
1191
|
7.5 |
HIGH
Network
|
nds-association
|
zserio
|
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up t…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-33524
|
2026-04-29 03:33 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1192
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix NULL dereference on notify error path
Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier
reg…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31544
|
2026-04-29 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1193
|
7.5 |
HIGH
Network
|
nds-association
|
zserio
|
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33666
|
2026-04-29 03:32 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1194
|
9.1 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the …
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41327
|
2026-04-29 03:31 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1195
|
9.1 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the …
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41328
|
2026-04-29 03:31 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1196
|
9.1 |
CRITICAL
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41415
|
2026-04-29 03:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1197
|
7.5 |
HIGH
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymm…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41416
|
2026-04-29 03:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1198
|
9.8 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is …
|
CWE-200
Information Exposure
|
CVE-2026-41492
|
2026-04-29 03:28 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1199
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
HID: apple: avoid memory leak in apple_report_fixup()
The apple_report_fixup() function was returning a
newly kmemdup()-allocated…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31520
|
2026-04-29 03:27 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1200
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
module: Fix kernel panic when a symbol st_shndx is out of bounds
The module loader doesn't check for bounds of the ELF section in…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31521
|
2026-04-29 03:26 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
