|
531
|
- |
|
-
|
-
|
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the n…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-13822
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-pr…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-24069
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
7.4 |
HIGH
Network
|
-
|
-
|
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funk…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-2332
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
7.1 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Mana…
Update
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-33892
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.
This issue affects the
ExtractEmbeddedFiles example in Apache PDFBox: from 2.…
Update
|
CWE-22
Path Traversal
|
CVE-2026-33929
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
- |
|
-
|
-
|
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execut…
Update
|
CWE-88
Argument Injection
|
CVE-2026-2449
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
- |
|
-
|
-
|
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant…
Update
|
CWE-520
.NET Misconfiguration: Use of Impersonation
|
CVE-2026-2450
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
- |
|
-
|
-
|
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server
through the adopted authority of the AdminServer proce…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2025-7389
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
- |
|
-
|
-
|
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applicatio…
Update
|
CWE-257
Storing Passwords in a Recoverable Format
|
CVE-2025-8095
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
Update
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-31049
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
