|
211
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack…
New
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-22618
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
7.8 |
HIGH
Local
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. Thi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-22619
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS devic…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-3861
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
6.2 |
MEDIUM
Local
|
-
|
-
|
In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-41030
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
5.0 |
MEDIUM
Network
|
-
|
-
|
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41034
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
7.4 |
HIGH
Network
|
-
|
-
|
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, …
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-41035
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.5 |
HIGH
Network
|
-
|
-
|
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft…
New
|
CWE-611
XXE
|
CVE-2024-2374
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input para…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10242
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject scrip…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-4867
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
3.5 |
LOW
Adjacent
|
-
|
-
|
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external e…
New
|
CWE-611
XXE
|
CVE-2024-8010
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
