|
261
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTM…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40922
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
- |
|
-
|
-
|
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service att…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-6482
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
- |
|
-
|
-
|
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP …
New
|
CWE-90
LDAP Injection
|
CVE-2026-40459
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
5.5 |
MEDIUM
Local
|
-
|
-
|
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party impl…
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-70795
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
- |
|
-
|
-
|
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site requ…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-40458
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
5.8 |
MEDIUM
Local
|
-
|
-
|
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
New
|
CWE-77
Command Injection
|
CVE-2026-41153
|
2026-04-18 00:38 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
7.5 |
HIGH
Network
|
-
|
-
|
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
New
|
CWE-284
Improper Access Control
|
CVE-2026-30994
|
2026-04-18 00:37 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
8.6 |
HIGH
Network
|
-
|
-
|
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
New
|
CWE-89
SQL Injection
|
CVE-2026-30995
|
2026-04-18 00:37 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.
New
|
CWE-94
Code Injection
|
CVE-2026-30993
|
2026-04-18 00:37 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
8.0 |
HIGH
Network
|
-
|
-
|
Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-31281
|
2026-04-18 00:35 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
