|
311
|
- |
|
-
|
-
|
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).
Non-constant time comparisons risk private key leakage in FrodoKEM.
This issue affects BC…
New
|
CWE-385
Covert Timing Channel
|
CVE-2026-5598
|
2026-04-18 00:38 |
2026-04-15 |
|
|
|
|
312
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET reque…
New
|
CWE-22
Path Traversal
|
CVE-2026-30996
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
313
|
7.4 |
HIGH
Network
|
-
|
-
|
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by trick…
New
|
CWE-200
Information Exposure
|
CVE-2026-32631
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
314
|
3.1 |
LOW
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't hav…
New
|
CWE-284
Improper Access Control
|
CVE-2026-33212
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
315
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been f…
New
|
CWE-862
Missing Authorization
|
CVE-2026-33214
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
316
|
8.0 |
HIGH
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with acces…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6290
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
317
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been f…
New
|
CWE-22, CWE-200
Path Traversal, Information Exposure
|
CVE-2026-33220
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
318
|
8.0 |
HIGH
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain cir…
New
|
CWE-23, CWE-94, CWE-434
Relative Path Traversal, Code Injection, Unrestricted Upload of File with Dangerous Type
|
CVE-2026-33435
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
319
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33440
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
320
|
7.4 |
HIGH
Network
|
-
|
-
|
OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting,…
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-33667
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|