|
71
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the applicati…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41459
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41429
|
2026-04-25 05:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
- |
|
-
|
-
|
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invok…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41427
|
2026-04-25 05:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
6.1 |
MEDIUM
Network
|
-
|
-
|
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malforme…
New
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-41426
|
2026-04-25 05:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vuln…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-41425
|
2026-04-25 05:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an i…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-34415
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
7.1 |
HIGH
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in re…
New
|
CWE-22
Path Traversal
|
CVE-2026-34414
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
8.6 |
HIGH
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unaut…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-34413
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
8.2 |
HIGH
Network
|
firebirdsql
|
firebird
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s…
Update
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2026-27890
|
2026-04-25 05:05 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
7.5 |
HIGH
Network
|
firebirdsql
|
firebird
|
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28212
|
2026-04-25 04:54 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
