| 611 | 6.3 | MEDIUM | Network | - | - | A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea… | New | CWE-74 (Injection), CWE-89 (SQL Injection) | CVE-2026-7143 | 2026-04-28 03:35 | 2026-04-28 |
| 612 | 4.3 | MEDIUM | Network | - | - | A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp… | New | CWE-285 (Improper Authorization), CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-7144 | 2026-04-28 03:35 | 2026-04-28 |
| 613 | 6.3 | MEDIUM | Network | - | - | A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulatio… | New | CWE-266 (Incorrect Privilege Assignment), CWE-285 (Improper Authorization) | CVE-2026-7142 | 2026-04-28 03:35 | 2026-04-28 |
| 614 | 5.4 | MEDIUM | Network | - | - | A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit… | New | CWE-285 (Improper Authorization), CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-7145 | 2026-04-28 03:35 | 2026-04-28 |
| 615 | 7.3 | HIGH | Network | - | - | A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/ser… | New | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-7146 | 2026-04-28 03:35 | 2026-04-28 |
| 616 | 4.0 | MEDIUM | Local | gnupg | libgcrypt | Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. | Update | CWE-787 (Out-of-bounds Write) | CVE-2026-41990 | 2026-04-28 03:33 | 2026-04-23 |
| 617 | 6.7 | MEDIUM | Local | gnupg | libgcrypt | Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. | Update | CWE-787 (Out-of-bounds Write) | CVE-2026-41989 | 2026-04-28 03:33 | 2026-04-23 |
| 618 | 7.8 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock. Exact UNIX diag lookups hold a reference to the socket, but not to u->path… | Update | - | CVE-2026-31673 | 2026-04-28 03:32 | 2026-04-25 |
| 619 | 7.1 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check(). Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() … | Update | - | CVE-2026-31674 | 2026-04-28 03:32 | 2026-04-25 |
| 620 | 7.5 | HIGH | Network | - | - | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge. Only process RESPONSE packets while the service connection is still in RXRPC… | Update | - | CVE-2026-31676 | 2026-04-28 03:32 | 2026-04-25 |