|
1431
|
5.3 |
MEDIUM
Network
|
-
|
-
|
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint (POST /api/access-tokens). …
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-41418
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1432
|
7.6 |
HIGH
Network
|
-
|
-
|
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbit…
|
CWE-22
Path Traversal
|
CVE-2026-41419
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1433
|
- |
|
-
|
-
|
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This al…
|
CWE-787
CWE-823
Out-of-bounds Write
Use of Out-of-range Pointer Offset
|
CVE-2026-41907
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1434
|
- |
|
-
|
-
|
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invok…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41427
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1435
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41429
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1436
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker contr…
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-41433
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1437
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6966
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1438
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TU…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-6967
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1439
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute…
|
CWE-22
Path Traversal
|
CVE-2026-6968
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1440
|
7.8 |
HIGH
Local
|
-
|
-
|
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTe…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-42171
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
