| 141 | 7.1 | HIGH Network | ebrigade | ebrigade | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can sen… | Update | CWE-89 | SQL Injection | CVE-2019-25707 | 2026-04-18 04:17 | 2026-04-12 |
| 142 | 7.8 | HIGH Local | interference-security | echo_mirage | Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action fiel… | Update | CWE-787 | Out-of-bounds Write | CVE-2019-25705 | 2026-04-18 04:16 | 2026-04-12 |
| 143 | 6.5 | MEDIUM Network | - | - | Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creati… | New | CWE-88 | Argument Injection | CVE-2026-6437 | 2026-04-18 04:16 | 2026-04-18 |
| 144 | 9.1 | CRITICAL Network | - | - | OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration… | New | CWE-636 | Not Failing Securely ('Failing Open') | CVE-2026-40525 | 2026-04-18 04:16 | 2026-04-18 |
| 145 | 7.5 | HIGH Network | - | - | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cs… | New | CWE-120 CWE-502 | Classic Buffer Overflow; Deserialization of Untrusted Data | CVE-2026-33337 | 2026-04-18 04:16 | 2026-04-18 |
| 146 | - | | - | - | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when … | New | CWE-190 CWE-835 | Integer Overflow or Wraparound; Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-28214 | 2026-04-18 04:16 | 2026-04-18 |
| 147 | 7.5 | HIGH Network | - | - | Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru… | New | CWE-476 | NULL Pointer Dereference | CVE-2026-28212 | 2026-04-18 04:16 | 2026-04-18 |
| 148 | 8.2 | HIGH Network | - | - | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s… | New | CWE-119 CWE-787 | Incorrect Access of Indexable Resource ('Range Error'); Out-of-bounds Write | CVE-2026-27890 | 2026-04-18 04:16 | 2026-04-18 |
| 149 | 7.5 | HIGH Network | apache | airflow | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. So… | Update | CWE-532 | Inclusion of Sensitive Information in Log Files | CVE-2025-66236 | 2026-04-18 03:41 | 2026-04-14 |
| 150 | 8.8 | HIGH Network | apache | airflow | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr… | Update | CWE-502 | Deserialization of Untrusted Data | CVE-2026-33858 | 2026-04-18 03:40 | 2026-04-14 |