|
91
|
8.2 |
HIGH
Network
|
-
|
-
|
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strin…
New
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-32316
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
8.8 |
HIGH
Network
|
-
|
-
|
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute sh…
New
|
CWE-94
Code Injection
|
CVE-2026-29955
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.
New
|
CWE-94
Code Injection
|
CVE-2026-31048
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
7.5 |
HIGH
Network
|
-
|
-
|
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by …
New
|
CWE-125
CWE-193
Out-of-bounds Read
Off-by-one Error
|
CVE-2026-32605
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
4.3 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the inter…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33534
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
4.6 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-admin…
New
|
CWE-80
CWE-116
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-33657
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
8.8 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a fu…
New
|
CWE-269
CWE-639
Improper Privilege Management
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38529
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
8.1 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38530
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
8.1 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanentl…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38532
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and acco…
New
|
CWE-285
Improper Authorization
|
CVE-2026-38533
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
