|
1901
|
9.1 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the …
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41328
|
2026-04-29 03:31 |
2026-04-25 |
|
1902
|
9.1 |
CRITICAL
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41415
|
2026-04-29 03:30 |
2026-04-25 |
|
1903
|
7.5 |
HIGH
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymm…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41416
|
2026-04-29 03:30 |
2026-04-25 |
|
1904
|
9.8 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is …
|
CWE-200
Information Exposure
|
CVE-2026-41492
|
2026-04-29 03:28 |
2026-04-25 |
|
1905
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
HID: apple: avoid memory leak in apple_report_fixup()
The apple_report_fixup() function was returning a
newly kmemdup()-allocated…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31520
|
2026-04-29 03:27 |
2026-04-22 |
|
1906
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
module: Fix kernel panic when a symbol st_shndx is out of bounds
The module loader doesn't check for bounds of the ELF section in…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31521
|
2026-04-29 03:26 |
2026-04-22 |
|
1907
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
The magicmouse_report_fixup() function was returning a
newly kmem…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31522
|
2026-04-29 03:21 |
2026-04-22 |
|
1908
|
5.4 |
MEDIUM
Network
|
authlib
|
authlib
|
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vuln…
|
CWE-352
Origin Validation Error
|
CVE-2026-41425
|
2026-04-29 03:18 |
2026-04-25 |
|
1909
|
6.1 |
MEDIUM
Network
|
pretalx
|
pretalx
|
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malforme…
|
CWE-79, CWE-116
Cross-site Scripting; Improper Encoding or Escaping of Output
|
CVE-2026-41426
|
2026-04-29 03:17 |
2026-04-25 |
|
1910
|
3.1 |
LOW
Network
|
langchain
|
langchain-openai
|
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) va…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41488
|
2026-04-29 03:17 |
2026-04-25 |
|