|
721
|
7.4 |
HIGH
Network
|
-
|
-
|
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funk…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-2332
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
722
|
7.1 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Mana…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-33892
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
723
|
- |
|
-
|
-
|
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execut…
|
CWE-88
Argument Injection
|
CVE-2026-2449
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
724
|
- |
|
-
|
-
|
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution. This issue affects upKeeper Instant…
|
CWE-520
.NET Misconfiguration: Use of Impersonation
|
CVE-2026-2450
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
725
|
- |
|
-
|
-
|
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer proce…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2025-7389
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
726
|
- |
|
-
|
-
|
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applicatio…
|
CWE-257
Storing Passwords in a Recoverable Format
|
CVE-2025-8095
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
727
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-31049
|
2026-04-18 00:24 |
2026-04-14 |
|
|
|
|
728
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a us…
|
CWE-94
Code Injection
|
CVE-2025-61260
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
729
|
4.6 |
MEDIUM
Physical
|
-
|
-
|
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 …
|
CWE-385
Covert Timing Channel
|
CVE-2025-69893
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|
|
730
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesyst…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-30480
|
2026-04-18 00:24 |
2026-04-15 |
|
|
|