|
41
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6048
|
2026-04-18 14:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4801
|
2026-04-18 14:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
7.5 |
HIGH
Network
|
-
|
-
|
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot…
Update
|
CWE-321
CWE-502
Use of Hard-coded Cryptographic Key
Deserialization of Untrusted Data
|
CVE-2026-5426
|
2026-04-18 13:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
7.5 |
HIGH
Network
|
-
|
-
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-41080
|
2026-04-18 13:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio rang…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-37100
|
2026-04-18 13:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
7.5 |
HIGH
Network
|
-
|
-
|
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Users are advised to upgrade to Airflow version that contains fix.
Users are recommended to upgrade t…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-31987
|
2026-04-18 13:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE de…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40494
|
2026-04-18 12:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40493
|
2026-04-18 12:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40492
|
2026-04-18 12:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
6.5 |
MEDIUM
Network
|
-
|
-
|
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP…
New
|
CWE-22
Path Traversal
|
CVE-2026-40491
|
2026-04-18 12:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
