| 771 | 7.3 | HIGH Local | - | - | Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially e… | CWE-269 Improper Privilege Management | CVE-2026-23772 | 2026-04-18 00:17 | 2026-04-16 |
| 772 | - | | - | - | Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | CWE-522 Insufficiently Protected Credentials | CVE-2025-15621 | 2026-04-18 00:17 | 2026-04-16 |
| 773 | 5.9 | MEDIUM Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows … | CWE-177 Improper Handling of URL Encoding (Hex Encoding) | CVE-2026-6414 | 2026-04-18 00:17 | 2026-04-16 |
| 774 | 8.1 | HIGH Network | - | - | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. | CWE-89 SQL Injection | CVE-2026-5785 | 2026-04-18 00:17 | 2026-04-16 |
| 775 | 9.1 | CRITICAL Network | - | - | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent s… | CWE-436 Interpretation Conflict | CVE-2026-6270 | 2026-04-18 00:17 | 2026-04-16 |
| 776 | 5.3 | MEDIUM Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static… | CWE-22 Path Traversal | CVE-2026-6410 | 2026-04-18 00:17 | 2026-04-16 |
| 777 | 7.4 | HIGH Network | - | - | @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not accoun… | CWE-436 Interpretation Conflict | CVE-2026-33804 | 2026-04-18 00:17 | 2026-04-17 |
| 778 | - | | - | - | A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or dee… | CWE-20 Improper Input Validation | CVE-2026-6409 | 2026-04-18 00:17 | 2026-04-17 |
| 779 | - | | - | - | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a… | CWE-331 Insufficient Entropy | CVE-2026-2336 | 2026-04-18 00:17 | 2026-04-17 |
| 780 | 5.4 | MEDIUM Network | - | - | A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argum… | CWE-22 Path Traversal | CVE-2026-6496 | 2026-04-18 00:16 | 2026-04-18 |