| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Dates |
|---|---|---|---|---|---|---|---|---|---|
| 1061 | 7.5 | HIGH | Network | varnish-software | varnish_enterprise | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-40395 | 2026-04-17 23:37; 2026-04-13 |
| 1062 | 7.5 | HIGH | Network | varnish-software, vinyl-cache | varnish_enterprise, vinyl_cache | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sess… | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2026-40394 | 2026-04-17 23:35; 2026-04-13 |
| 1063 | 9.1 | CRITICAL | Network | dolibarr | dolibarr_erp/crm | Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malic… | CWE-89 SQL Injection | CVE-2019-25710 | 2026-04-17 23:25; 2026-04-12 |
| 1064 | 5.3 | MEDIUM | Network | - | - | A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed o… | CWE-200 Information Exposure; CWE-284 Improper Access Control | CVE-2026-6492 | 2026-04-17 23:16; 2026-04-17 |
| 1065 | 5.3 | MEDIUM | Local | - | - | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | CWE-119 Incorrect Access of Indexable Resource ('Range Error'); CWE-122 Heap-based Buffer Overflow | CVE-2026-6491 | 2026-04-17 23:16; 2026-04-17 |
| 1066 | 7.3 | HIGH | Network | - | - | A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramet… | CWE-74 Injection; CWE-89 SQL Injection | CVE-2026-6490 | 2026-04-17 23:16; 2026-04-17 |
| 1067 | 5.5 | MEDIUM | Local | nsasoft | spotftp | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. … | CWE-807 Reliance on Untrusted Inputs in a Security Decision | CVE-2019-25711 | 2026-04-17 23:14; 2026-04-12 |
| 1068 | 5.5 | MEDIUM | Local | nsasoft | blueauditor | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can tri… | CWE-787 Out-of-bounds Write | CVE-2019-25712 | 2026-04-17 23:07; 2026-04-12 |
| 1069 | 8.1 | HIGH | Network | myt_project | myt | MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attack… | CWE-89 SQL Injection | CVE-2019-25713 | 2026-04-17 23:04; 2026-04-12 |
| 1070 | 6.3 | MEDIUM | Network | - | - | A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backg… | CWE-284 Improper Access Control; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-6489 | 2026-04-17 22:16; 2026-04-17 |