|
1021
|
7.5 |
HIGH
Network
|
-
|
-
|
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress op…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-5807
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1022
|
8.4 |
HIGH
Network
|
-
|
-
|
IdentityIQ 8.5, all
IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ
8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug
Pages Read Only capabil…
|
CWE-863
Incorrect Authorization
|
CVE-2026-4857
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1023
|
- |
|
-
|
-
|
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-5189
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1024
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Be…
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2026-6245
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1025
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6383
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1026
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS).
If the database is configured to use Tencent …
|
-
|
CVE-2025-41118
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1027
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/…
|
-
|
CVE-2026-21726
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1028
|
3.3 |
LOW
Network
|
-
|
-
|
---
title: Cross-Tenant Legacy Correlation Disclosure and Deletion
draft: false
hero:
image: /static/img/heros/hero-legal2.svg
content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion"…
|
-
|
CVE-2026-21727
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1029
|
8.7 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description)…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-35569
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1030
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40915
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
