| No. | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | Weakness | CVE | Dates |
|---|---|---|---|---|---|---|---|---|---|---|
| 1161 | 8.6 | HIGH | Network | adobe | coldfusion | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file syste… | CWE-22 | Path Traversal | CVE-2026-27305 | 2026-04-16 23:42; 2026-04-15 |
| 1162 | 9.1 | CRITICAL | Network | - | - | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) f… | CWE-93 | CRLF Injection | CVE-2026-39958 | 2026-04-16 23:42; 2026-04-10 |
| 1163 | 3.1 | LOW | Network | - | - | Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not vali… | CWE-287, CWE-345 | Improper Authentication; Insufficient Verification of Data Authenticity | CVE-2026-40109 | 2026-04-16 23:42; 2026-04-10 |
| 1164 | 8.4 | HIGH | Adjacent | adobe | coldfusion | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker r… | CWE-20 | Improper Input Validation | CVE-2026-27306 | 2026-04-16 23:41; 2026-04-15 |
| 1165 | 2.4 | LOW | Adjacent | adobe | coldfusion | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e… | CWE-400 | Uncontrolled Resource Consumption | CVE-2026-27307 | 2026-04-16 23:41; 2026-04-15 |
| 1166 | 2.4 | LOW | Adjacent | adobe | coldfusion | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e… | CWE-400 | Uncontrolled Resource Consumption | CVE-2026-27308 | 2026-04-16 23:40; 2026-04-15 |
| 1167 | 7.7 | HIGH | Network | adobe | coldfusion | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature… | CWE-22 | Path Traversal | CVE-2026-34619 | 2026-04-16 23:28; 2026-04-15 |
| 1168 | 5.4 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by cha… | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | CVE-2026-35617 | 2026-04-16 23:19; 2026-04-10 |
| 1169 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can… | CWE-307 | Improper Restriction of Excessive Authentication Attempts | CVE-2026-35623 | 2026-04-16 23:17; 2026-04-10 |
| 1170 | 5.3 | MEDIUM | Network | - | - | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in … | CWE-639 | Authorization Bypass Through User-Controlled Key | CVE-2026-4160 | 2026-04-16 23:16; 2026-04-16 |