|
1431
|
7.1 |
HIGH
Local
|
craigjbass
|
clearancekit
|
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Si…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40599
|
2026-04-25 05:50 |
2026-04-22 |
|
1432
|
4.4 |
MEDIUM
Local
|
craigjbass
|
clearancekit
|
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancek…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-40604
|
2026-04-25 05:49 |
2026-04-22 |
|
1433
|
8.8 |
HIGH
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to file…
|
CWE-22
Path Traversal
|
CVE-2026-40876
|
2026-04-25 05:38 |
2026-04-22 |
|
1434
|
5.5 |
MEDIUM
Local
|
hkuds
|
openharness
|
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attac…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40515
|
2026-04-25 05:34 |
2026-04-18 |
|
1435
|
6.3 |
MEDIUM
Local
|
hkuds
|
openharness
|
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by man…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40516
|
2026-04-25 05:32 |
2026-04-18 |
|
1436
|
7.5 |
HIGH
Network
|
firebirdsql
|
firebird
|
Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher se…
|
CWE-200 NVD-CWE-noinfo
Information Exposure
|
CVE-2025-65104
|
2026-04-25 05:27 |
2026-04-18 |
|
1437
|
9.8 |
CRITICAL
Network
|
samsung
|
magicinfo_9_server
|
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write arbitrary files with system authority.
|
CWE-22 CWE-434
Path Traversal Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7399
|
2026-04-25 05:23 |
2024-08-12 |
|
1438
|
9.8 |
CRITICAL
Network
|
samsung
|
magicinfo_9_server
|
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write files…
|
CWE-22 CWE-434
Path Traversal Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7399
|
2026-04-25 05:23 |
2024-08-12 |
|
1439
|
5.5 |
MEDIUM
Local
|
giskard
|
giskard
|
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() wit…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-40319
|
2026-04-25 05:22 |
2026-04-18 |
|
1440
|
6.7 |
MEDIUM
Local
|
microsoft
|
windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2016 windows_server_2019 windows_server_2022
|
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-0390
|
2026-04-25 05:17 |
2026-04-15 |
|