8.1
CVE-2026-40259 - SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functi…
4.3
CVE-2024-58343 - Unauthorized Reading of User Profiles via Modified Cookie in Vision Helpdesk
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
6.1
CVE-2026-40255 - @adonisjs/http-server has an Open Redirect vulnerability
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP …
6.8
CVE-2026-40253 - openCryptoki: Memory safety vulnerabilities in BER/DER decoders in asn1.c
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them a…
8.1
CVE-2026-41113 - TLS_QUIT Command Injection in sagredo qmail
sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.
6.9
CVE-2026-40249 - free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subs…
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization err…
8.7
CVE-2026-40248 - free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic In…
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 res…
8.7
CVE-2026-40247 - free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptio…
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when va…
8.7
CVE-2026-40246 - free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscript…
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when v…
7.5
CVE-2026-40170 - ngtcp2 has a qlog transport parameter serialization stack buffer overflow
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transp…