|
371
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment…
New
|
CWE-284
Improper Access Control
|
CVE-2026-31843
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
7.1 |
HIGH
Network
|
-
|
-
|
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-m…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-30459
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
7.5 |
HIGH
Network
|
-
|
-
|
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the i…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-30656
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-24749
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
- |
|
-
|
-
|
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The z…
New
|
CWE-120
CWE-131
Classic Buffer Overflow
Incorrect Calculation of Buffer Size
|
CVE-2026-27820
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
- |
|
-
|
-
|
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST…
New
|
CWE-89
SQL Injection
|
CVE-2026-33082
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
- |
|
-
|
-
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoint…
New
|
CWE-89
SQL Injection
|
CVE-2026-33083
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
7.3 |
HIGH
Local
|
-
|
-
|
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
New
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-41082
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
- |
|
-
|
-
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj en…
New
|
CWE-89
SQL Injection
|
CVE-2026-33084
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
- |
|
-
|
-
|
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from…
New
|
CWE-89
SQL Injection
|
CVE-2026-33121
|
2026-04-18 00:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
