HIGH
CVE-2026-40938 (CVSS 7.5) — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting ...
NVD CVE-2026-40938 45d ago
HIGH
CVE-2026-31430 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access...
NVD CVE-2026-31430 47d ago
HIGH
CVE-2026-40476 (CVSS 7.5) — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa...
NVD CVE-2026-40476 49d ago
HIGH
CVE-2026-40527 (CVSS 7.8) — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command...
NVD CVE-2026-40527 49d ago
HIGH
CVE-2026-40518 (CVSS 7.1) — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab...
NVD CVE-2026-40518 50d ago
HIGH
CVE-2025-15624 (CVSS 7.5) — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In ...
NVD CVE-2025-15624 50d ago
HIGH
CVE-2025-15623 (CVSS 7.5) — Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System In...
NVD CVE-2025-15623 50d ago
HIGH
CVE-2026-41035 (CVSS 7.4) — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,...
NVD CVE-2026-41035 51d ago
HIGH
CVE-2026-6351 (CVSS 7.5) — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6351 51d ago
HIGH
CVE-2026-6348 (CVSS 8.8) — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing...
NVD CVE-2026-6348 51d ago
HIGH
CVE-2026-5363 (CVSS 8.8) — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow...
NVD CVE-2026-5363 51d ago
HIGH
CVE-2026-33805 (CVSS 8.6) — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie...
NVD CVE-2026-33805 52d ago
HIGH
Patch Tuesday, April 2026 Edition
Krebs breaches threat-actors zero-day 52d ago
HIGH
CVE-2026-27289 (CVSS 7.8) — Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when...
NVD CVE-2026-27289 52d ago
HIGH
CVE-2026-32146 (CVSS 7.8) — Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows a...
NVD CVE-2026-32146 56d ago
HIGH
CVE-2026-40180 (CVSS 7.5) — Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen...
NVD CVE-2026-40180 56d ago
HIGH
CVE-2021-47961 (CVSS 8.1) — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ...
NVD CVE-2021-47961 57d ago
HIGH
CVE-2026-40072 (CVSS 7.2) — web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1...
NVD CVE-2026-40072 57d ago
HIGH
CVE-2026-5883 (CVSS 8.8) — Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute...
NVD CVE-2026-5883 58d ago
HIGH
CVE-2026-32590 (CVSS 7.1) — A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p...
NVD CVE-2026-32590 58d ago
HIGH
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Krebs breaches threat-actors ransomware 61d ago
HIGH
CVE-2026-34769 (CVSS 7.7) — Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C...
NVD CVE-2026-34769 63d ago
HIGH
CVE-2026-31399 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use a...
NVD CVE-2026-31399 64d ago
HIGH
CVE-2026-31395 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_...
NVD CVE-2026-31395 64d ago
HIGH
CVE-2026-23454 (CVSS 7) — In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free i...
NVD CVE-2026-23454 64d ago
HIGH
CVE-2026-23448 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse...
NVD CVE-2026-23448 64d ago
HIGH
CVE-2026-5463 (CVSS 8.6) — Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version...
NVD CVE-2026-5463 64d ago
HIGH
CVE-2026-35535 (CVSS 7.4) — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a ...
NVD CVE-2026-35535 64d ago
HIGH
CVE-2025-15620 (CVSS 8.6) — HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-o...
NVD CVE-2025-15620 64d ago
HIGH
CVE-2026-32145 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denia...
NVD CVE-2026-32145 65d ago
HIGH
CVE-2026-34072 (CVSS 8.3) — Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log ...
NVD CVE-2026-34072 65d ago
HIGH
CVE-2026-34352 (CVSS 8.5) — In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the ...
NVD CVE-2026-34352 71d ago
HIGH
CVE-2026-0966 (CVSS 8.2) — A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w...
NVD CVE-2026-0966 71d ago
HIGH
CVE-2026-32846 (CVSS 7.5) — OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attac...
NVD CVE-2026-32846 72d ago
HIGH
CVE-2026-3104 (CVSS 7.5) — A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying ...
NVD CVE-2026-3104 73d ago
HIGH
CVE-2026-23327 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size...
NVD CVE-2026-23327 73d ago
HIGH
CVE-2026-23305 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in ...
NVD CVE-2026-23305 73d ago
HIGH
CVE-2026-23281 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-f...
NVD CVE-2026-23281 73d ago
HIGH
CVE-2019-25634 (CVSS 8.4) — Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker...
NVD CVE-2019-25634 74d ago
HIGH
CVE-2026-4342 (CVSS 8.8) — A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u...
NVD CVE-2026-4342 78d ago
HIGH
CVE-2025-69720 (CVSS 7.3) — The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an...
NVD CVE-2025-69720 79d ago
HIGH
CVE-2026-23262 (CVSS 0) — In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruptio...
NVD CVE-2026-23262 79d ago
HIGH
CVE-2026-23244 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in ...
NVD CVE-2026-23244 80d ago
HIGH
CVE-2026-4224 (CVSS 7.5) — When an Expat parser with a registered ElementDeclHandler parses an inline document type definition ...
NVD CVE-2026-4224 81d ago
HIGH
CVE-2026-3644 (CVSS 7.5) — The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete....
NVD CVE-2026-3644 CVE-2026-0672 81d ago
HIGH
CVE-2026-3497 (CVSS 7.5) — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerabilit...
NVD CVE-2026-3497 85d ago
HIGH
CVE-2026-28807 (CVSS 7.5) — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in glea...
NVD CVE-2026-28807 87d ago
HIGH
CVE-2026-28806 (CVSS 8.8) — Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device c...
NVD CVE-2026-28806 87d ago
HIGH
CVE-2026-26134 (CVSS 7.8) — Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg...
NVD CVE-2026-26134 87d ago
HIGH
CVE-2026-26110 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor...
NVD CVE-2026-26110 87d ago
TL;DR
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an…
CVE-2026-40938