|
561
|
- |
|
-
|
-
|
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.
New
|
-
|
CVE-2025-60889
|
2026-04-29 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Cl…
New
|
-
|
CVE-2025-60887
|
2026-04-29 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
8.1 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
Syzbot reported a KASAN stack-out-of-bounds read in l2cap_…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31513
|
2026-04-29 01:15 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
7.5 |
HIGH
Network
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function e…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33662
|
2026-04-29 00:48 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
8.8 |
HIGH
Network
|
deskflow
|
deskflow
|
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds re…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-41476
|
2026-04-29 00:47 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
7.8 |
HIGH
Local
|
deskflow
|
deskflow
|
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes pr…
Update
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-41477
|
2026-04-29 00:46 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
6.1 |
MEDIUM
Network
|
cyberpanel
|
cyberpanel
|
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows una…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41472
|
2026-04-29 00:45 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
9.1 |
CRITICAL
Network
|
cyberpanel
|
cyberpanel
|
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the da…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41473
|
2026-04-29 00:44 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
6.5 |
MEDIUM
Network
|
langchain
|
langchain-text-splitters
|
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters
1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valid…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41481
|
2026-04-29 00:43 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
9.1 |
CRITICAL
Network
|
budibase
|
budibase
|
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Si…
Update
|
CWE-287
Improper Authentication
|
CVE-2026-41428
|
2026-04-29 00:39 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
