|
461
|
8.1 |
HIGH
Network
|
senselive
|
x3500_firmware
|
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application do…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-27841
|
2026-04-29 04:32 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
5.4 |
MEDIUM
Network
|
senselive
|
x3500_firmware
|
A vulnerability exists in SenseLive
X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requi…
Update
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-25720
|
2026-04-29 04:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
5.9 |
MEDIUM
Network
|
opentelemetry
|
opentelemetry
|
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on …
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41078
|
2026-04-29 04:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
7.5 |
HIGH
Network
|
sqlalchemy
|
mako
|
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is…
Update
|
CWE-22
Path Traversal
|
CVE-2026-41205
|
2026-04-29 04:14 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: make use of smbdirect_socket.recv_io.credits.available
The logic off managing recv credits by counting posted recv_i…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-31535
|
2026-04-29 04:14 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: server: let send_done handle a completion without IB_SEND_SIGNALED
With smbdirect_send_batch processing we likely have reque…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31536
|
2026-04-29 04:10 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: server: make use of smbdirect_socket.send_io.bcredits
It turns out that our code will corrupt the stream of
reassabled data …
Update
|
NVD-CWE-noinfo
|
CVE-2026-31537
|
2026-04-29 04:09 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
5.4 |
MEDIUM
Network
|
pretalx
|
pretalx
|
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41241
|
2026-04-29 04:07 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
8.1 |
HIGH
Network
|
senselive
|
x3500_firmware
|
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device…
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39462
|
2026-04-29 04:04 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
8.1 |
HIGH
Network
|
projectcontour
|
contour
|
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker…
Update
|
CWE-94
Code Injection
|
CVE-2026-41246
|
2026-04-29 04:04 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
