|
521
|
- |
|
-
|
-
|
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execut…
|
CWE-88
Argument Injection
|
CVE-2026-2449
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
522
|
- |
|
-
|
-
|
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution. This issue affects upKeeper Instant…
|
CWE-520
.NET Misconfiguration: Use of Impersonation
|
CVE-2026-2450
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
523
|
- |
|
-
|
-
|
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer proce…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2025-7389
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
524
|
- |
|
-
|
-
|
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applicatio…
|
CWE-257
Storing Passwords in a Recoverable Format
|
CVE-2025-8095
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
525
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-31049
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
526
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a us…
|
CWE-94
Code Injection
|
CVE-2025-61260
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
527
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing …
|
CWE-79
Cross-site Scripting
|
CVE-2025-69993
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
528
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesyst…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-30480
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
529
|
4.6 |
MEDIUM
Physical
|
-
|
-
|
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 …
|
CWE-385
Covert Timing Channel
|
CVE-2025-69893
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
530
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability …
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2025-31991
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|