|
101
|
4.9 |
MEDIUM
Network
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature …
Update
|
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-22692
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.
Update
|
CWE-843
Type Confusion
|
CVE-2025-70023
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
- |
|
-
|
-
|
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-0207
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
- |
|
-
|
-
|
Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.
Update
|
CWE-783
Operator Precedence Logic Error
|
CVE-2026-0209
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24906
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. Whe…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24907
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
- |
|
-
|
-
|
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. W…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33714
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets th…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-33146
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
7.7 |
HIGH
Network
|
-
|
-
|
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _…
Update
|
CWE-843
Type Confusion
|
CVE-2026-40683
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
8.8 |
HIGH
Network
|
-
|
-
|
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a…
Update
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-24893
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
