|
1231
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-6763
|
2026-04-23 02:38 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1232
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-6767
|
2026-04-23 02:37 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1233
|
7.8 |
HIGH
Local
|
civetweb_project
|
civetweb
|
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in …
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2026-5789
|
2026-04-23 02:36 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1234
|
10.0 |
CRITICAL
Network
|
nwclark
|
storable
|
Storable versions before 3.05 for Perl has a stack overflow.
The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigne…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2017-20230
|
2026-04-23 02:36 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1235
|
8.1 |
HIGH
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true…
New
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-34403
|
2026-04-23 02:35 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1236
|
10.0 |
CRITICAL
Network
|
atrodo
|
net\
|
Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.
Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions …
New
|
NVD-CWE-noinfo
|
CVE-2025-15638
|
2026-04-23 02:35 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1237
|
9.8 |
CRITICAL
Network
|
freescout
|
freescout
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators.…
New
|
CWE-200
CWE-284
CWE-770
Information Exposure
Improper Access Control
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40498
|
2026-04-23 02:34 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1238
|
6.1 |
MEDIUM
Network
|
freescout
|
freescout
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify() function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40565
|
2026-04-23 02:34 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1239
|
8.1 |
HIGH
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In pr…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2026-33031
|
2026-04-23 02:33 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1240
|
7.5 |
HIGH
Network
|
emqx
|
nanomq
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32135
|
2026-04-23 02:32 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
