Common Vulnerabilities and Exposures (CVE)

CVE-2026-1726

Apr 25, 2026 03:55:44 UTC

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1

CVE-2026-41176

Apr 25, 2026 03:55:43 UTC

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including t...

CVE-2026-41179

Apr 25, 2026 03:55:41 UTC

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true...

CVE-2026-35431

Apr 25, 2026 03:55:39 UTC

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-41197

Apr 25, 2026 03:55:38 UTC

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign ...

CVE-2025-29635

Apr 25, 2026 03:55:37 UTC

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, trigge...

CVE-2024-57728

Apr 25, 2026 03:55:36 UTC

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in th...

CVE-2024-57726

Apr 25, 2026 03:55:35 UTC

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

CVE-2026-35368

Apr 25, 2026 03:55:34 UTC

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based syst...

CVE-2026-39866

Apr 25, 2026 03:55:32 UTC

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a392144...

CVE-2024-7399

Apr 25, 2026 03:55:30 UTC

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

CVE-2026-22486

Apr 25, 2026 01:59:16 UTC

Missing Authorization vulnerability in Hakob Re Gallery regallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through <= 1.18.9.

CVE-2026-22487

Apr 25, 2026 01:58:46 UTC

Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through <= 2.0.2.

CVE-2026-22490

Apr 25, 2026 01:58:24 UTC

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPres...

CVE-2026-22492

Apr 25, 2026 01:58:05 UTC

Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.