|
2431
|
8.8 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix read abandonment during retry
Under certain circumstances, all the remaining subrequests from a read
request will get …
|
-
|
CVE-2026-31435
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2432
|
8.8 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix potencial OOB in get_file_all_info() for compound requests
When a compound request consists of QUERY_DIRECTORY + QUERY…
|
-
|
CVE-2026-31433
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2433
|
8.8 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix OOB write in QUERY_INFO for compound requests
When a compound request such as READ + QUERY_INFO(Security) is received,…
|
-
|
CVE-2026-31432
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2434
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the assoc…
|
-
|
CVE-2026-31431
|
2026-04-27 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2435
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: skb: fix cross-cache free of KFENCE-allocated skb head
SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2
va…
|
-
|
CVE-2026-31429
|
2026-04-27 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2436
|
6.3 |
MEDIUM
Network
|
apache
|
dolphinscheduler
|
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module.
This issue affects Apache DolphinScheduler:
Version >= 3.2.0 and < 3.3.1.
Attackers who can access the Maste…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-62233
|
2026-04-27 22:45 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2437
|
6.6 |
MEDIUM
Local
|
saurabh-kumar
|
python-dotenv
|
python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewri…
|
CWE-59
CWE-61
Link Following
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-28684
|
2026-04-27 22:44 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2438
|
8.1 |
HIGH
Network
|
apache
|
dolphinscheduler
|
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution…
|
CWE-863
Incorrect Authorization
|
CVE-2026-23902
|
2026-04-27 22:42 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2439
|
6.1 |
MEDIUM
Network
|
astro
|
astro
|
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <sc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41067
|
2026-04-27 22:41 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2440
|
5.4 |
MEDIUM
Adjacent
|
openprinting
|
cups
|
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP bac…
|
CWE-125
CWE-200
Out-of-bounds Read
Information Exposure
|
CVE-2026-41079
|
2026-04-27 22:40 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
