|
2791
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillm…
|
CWE-94
Code Injection
|
CVE-2026-7191
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2792
|
9.4 |
CRITICAL
Network
|
-
|
-
|
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3893
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2793
|
- |
|
-
|
-
|
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.
|
CWE-694
Use of Multiple Resources with Duplicate Identifier
|
CVE-2026-5794
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2794
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to
trigger improper handling of XML input, which may result in unintended
exposure of sensitive information. The flaw stems from in…
|
CWE-611
XXE
|
CVE-2026-6807
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2795
|
6.5 |
MEDIUM
Network
|
apache
|
storm
|
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm
Versions Affected: up to 2.8.7
Description: When TLS transport is enabled in Apache …
|
CWE-287
Improper Authentication
|
CVE-2026-41081
|
2026-04-29 04:46 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2796
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6785
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2797
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6786
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2798
|
9.9 |
CRITICAL
Network
|
apache
|
camel
|
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExec…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-40453
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2799
|
7.8 |
HIGH
Local
|
apache
|
camel
|
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilte…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40048
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2800
|
8.8 |
HIGH
Network
|
apache
|
camel
|
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40473
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
