|
161
|
- |
|
-
|
-
|
Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).This issue affects BC-JAVA: before 1.84.
Unbounded PGP AEAD ch…
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-3505
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
- |
|
-
|
-
|
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules).
PKIX draft CompositeVerifier accepts empty signature seque…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-5588
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
- |
|
-
|
-
|
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).
Non-constant time comparisons risk private key leakage in FrodoKEM.
This issue affects BC…
New
|
CWE-385
Covert Timing Channel
|
CVE-2026-5598
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET reque…
New
|
CWE-22
Path Traversal
|
CVE-2026-30996
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
7.4 |
HIGH
Network
|
-
|
-
|
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by trick…
New
|
CWE-200
Information Exposure
|
CVE-2026-32631
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
3.1 |
LOW
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't hav…
New
|
CWE-284
Improper Access Control
|
CVE-2026-33212
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been f…
New
|
CWE-862
Missing Authorization
|
CVE-2026-33214
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
8.0 |
HIGH
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with acces…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6290
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been f…
New
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-33220
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
8.0 |
HIGH
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain cir…
New
|
CWE-23
CWE-94
CWE-434
Relative Path Traversal
Code Injection
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-33435
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
