Common Vulnerabilities and Exposures (CVE)

CVE-2026-0545

Apr 3, 2026 17:49:22 UTC

In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job exec...

CVE-2026-34831

Apr 3, 2026 17:48:11 UTC

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8...

CVE-2026-28373

Apr 3, 2026 17:45:09 UTC

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on ...

CVE-2026-34786

Apr 3, 2026 17:38:11 UTC

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is de...

CVE-2026-34828

Apr 3, 2026 17:33:57 UTC

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive accou...

CVE-2026-5470

Apr 3, 2026 17:32:58 UTC

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-e...

CVE-2026-5476

Apr 3, 2026 17:30:12 UTC

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexit...

CVE-2026-5472

Apr 3, 2026 17:27:56 UTC

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of the component Profile Picture Handler...

CVE-2026-5475

Apr 3, 2026 17:26:49 UTC

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project w...

CVE-2026-34610

Apr 3, 2026 17:25:10 UTC

The leancrypto library is a cryptographic library that contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when storing the Common Name (CN) l...

CVE-2026-4634

Apr 3, 2026 17:23:00 UTC

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high re...

CVE-2026-32211

Apr 3, 2026 17:22:49 UTC

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

CVE-2026-32173

Apr 3, 2026 17:22:48 UTC

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

CVE-2026-33105

Apr 3, 2026 17:22:48 UTC

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26135

Apr 3, 2026 17:22:47 UTC

Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.