|
691
|
9.8 |
CRITICAL
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which …
Update
|
CWE-94
Code Injection
|
CVE-2026-41242
|
2026-04-24 00:26 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
7.5 |
HIGH
Network
|
projectdiscovery
|
nuclei
|
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).
Update
|
CWE-94
Code Injection
|
CVE-2026-41282
|
2026-04-24 00:25 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
7.2 |
HIGH
Network
|
dell
|
powerprotect_dp_series_appliance
data_domain_operating_system
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.1…
Update
|
CWE-78
OS Command
|
CVE-2026-23774
|
2026-04-24 00:19 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
4.3 |
MEDIUM
Network
|
dify
|
dify
|
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2026-34082
|
2026-04-24 00:12 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged atta…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35235
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privilege…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35234
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
6.5 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerabi…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34308
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability a…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34304
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
6.5 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34303
|
2026-04-24 00:09 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability a…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35236
|
2026-04-24 00:09 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
