|
151
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Update
|
CWE-59
CWE-269
Link Following
Improper Privilege Management
|
CVE-2026-32212
|
2026-04-20 23:55 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
9.0 |
CRITICAL
Network
|
b3log
|
siyuan
|
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the…
Update
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-40322
|
2026-04-20 23:51 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
7.2 |
HIGH
Network
|
cubecart
|
cubecart
|
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
Update
|
CWE-78
OS Command
|
CVE-2026-21719
|
2026-04-20 23:45 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
9.8 |
CRITICAL
Network
|
cubecart
|
cubecart
|
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
Update
|
CWE-89
SQL Injection
|
CVE-2026-34018
|
2026-04-20 23:44 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-32214
|
2026-04-20 23:43 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
2.7 |
LOW
Network
|
cubecart
|
cubecart
|
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
Update
|
CWE-22
Path Traversal
|
CVE-2026-35496
|
2026-04-20 23:43 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
6.5 |
MEDIUM
Network
|
pac4j
|
pac4j
|
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site requ…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-40458
|
2026-04-20 23:41 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
8.8 |
HIGH
Network
|
pac4j
|
pac4j
|
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP …
Update
|
CWE-90
LDAP Injection
|
CVE-2026-40459
|
2026-04-20 23:38 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_…
|
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-32215
|
2026-04-20 23:35 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_11_26h1
|
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-32216
|
2026-04-20 23:34 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
