|
251
|
- |
|
-
|
-
|
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-0207
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
- |
|
-
|
-
|
Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.
Update
|
CWE-783
Operator Precedence Logic Error
|
CVE-2026-0209
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. Whe…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24907
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24906
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
7.7 |
HIGH
Network
|
-
|
-
|
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _…
Update
|
CWE-843
Type Confusion
|
CVE-2026-40683
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
8.8 |
HIGH
Network
|
-
|
-
|
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a…
Update
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-24893
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
- |
|
-
|
-
|
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. W…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33714
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets th…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-33146
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoof…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-33193
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
4.9 |
MEDIUM
Network
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's…
Update
|
CWE-94
CWE-200
Code Injection
Information Exposure
|
CVE-2026-25125
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
