|
81
|
7.7 |
HIGH
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature…
New
|
CWE-22
Path Traversal
|
CVE-2026-34619
|
2026-04-16 23:28 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by cha…
New
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-35617
|
2026-04-16 23:19 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-35623
|
2026-04-16 23:17 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
5.3 |
MEDIUM
Network
|
-
|
-
|
@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static…
New
|
CWE-22
Path Traversal
|
CVE-2026-6410
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-6364
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…
New
|
CWE-416
Use After Free
|
CVE-2026-6362
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
9.1 |
CRITICAL
Network
|
-
|
-
|
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent s…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-6270
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
8.1 |
HIGH
Network
|
-
|
-
|
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
New
|
CWE-89
SQL Injection
|
CVE-2026-5785
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4160
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.4 |
HIGH
Local
|
-
|
-
|
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release…
New
|
CWE-78
OS Command
|
CVE-2026-41015
|
2026-04-16 23:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
