CVE-2026-40493 – SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

Posted on April 19, 2026

CVE ID: CVE-2026-40493 Published: April 18, 2026, 3:16 a.m. | 21 hours, 25 minutes ago Description: SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC…

CVE-2026-40492 – SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

Posted on April 19, 2026

CVE ID: CVE-2026-40492 Published: April 18, 2026, 3:16 a.m. | 21 hours, 25 minutes ago Description: SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC…

CVE-2026-40582 – ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout

Posted on April 18, 2026

CVE ID: CVE-2026-40582 Published: April 18, 2026, 12:16 a.m. | 24 minutes ago Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the…

CVE-2026-40581 – ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion

Posted on April 18, 2026

CVE ID: CVE-2026-40581 Published: April 18, 2026, 12:16 a.m. | 24 minutes ago Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php)…

CVE-2026-40484 – ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

Posted on April 18, 2026

CVE ID: CVE-2026-40484 Published: April 18, 2026, 12:16 a.m. | 24 minutes ago Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts…

CVE-2026-40349 – Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true

Posted on April 18, 2026

CVE ID: CVE-2026-40349 Published: April 18, 2026, 12:16 a.m. | 24 minutes ago Description: Movary is a self-hosted web app to track and rate a user’s watched movies. Prior to version…

CVE-2026-40324 – Hot Chocolate’s Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Posted on April 18, 2026

CVE ID: CVE-2026-40324 Published: April 18, 2026, 12:16 a.m. | 24 minutes ago Description: Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate’s recursive…

CVE-2026-22734 – Cloud Foundry UAA SAML 2.0 Signature Bypass

Posted on April 17, 2026

CVE ID: CVE-2026-22734 Published: April 16, 2026, 11:33 p.m. | 1 hour, 7 minutes ago Description: Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any…

CVE-2026-40322 – SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

Posted on April 17, 2026

CVE ID: CVE-2026-40322 Published: April 16, 2026, 11:16 p.m. | 1 hour, 24 minutes ago Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered…

CVE-2026-40318 – SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

Posted on April 17, 2026

CVE ID: CVE-2026-40318 Published: April 16, 2026, 11:16 p.m. | 1 hour, 24 minutes ago Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs…
