CVE ID: CVE-2026-22734 | Published: April 16, 2026, 11:33 p.m. | Description: Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any…
CVE-2026-40322 – SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE
CVE ID: CVE-2026-40322 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered…
CVE-2026-40318 – SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
CVE ID: CVE-2026-40318 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs…
CVE-2026-40259 – SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
CVE ID: CVE-2026-40259 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is…
CVE-2026-41113 – Sagredo Qmail TLS Quit Remote Code Execution Vulnerability
CVE ID: CVE-2026-41113 | Published: April 16, 2026, 10:16 p.m. | Description: sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. Severity:…
CVE-2026-40316 – OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow
CVE ID: CVE-2026-40316 | Published: April 15, 2026, 11:16 p.m. | Description: OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and…
CVE-2026-40192 – Pillow is vulnerable to a FITS GZIP decompression bomb
CVE ID: CVE-2026-40192 | Published: April 15, 2026, 11:16 p.m. | Description: Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed…
CVE-2026-6388 – Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
CVE ID: CVE-2026-6388 | Published: April 15, 2026, 10:17 p.m. | Description: A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create…
CVE-2026-40261 – Composer has Command Injection via Malicious Perforce Reference
CVE ID: CVE-2026-40261 | Published: April 15, 2026, 9:17 p.m. | Description: Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a…
CVE-2026-40173 – Dgraph: Unauthenticated pprof endpoint leaks admin auth token
CVE ID: CVE-2026-40173 | Published: April 15, 2026, 9:17 p.m. | Description: Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure…