|
791
|
9.8 |
CRITICAL
Network
|
gnu
|
glibc
|
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 cou…
New
|
CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-5450
|
2026-04-24 00:33 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
792
|
9.0 |
CRITICAL
Network
|
gitroom
|
postiz
|
Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to t…
Update
|
CWE-79
CWE-345
CWE-434
Cross-site Scripting
Insufficient Verification of Data Authenticity
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40487
|
2026-04-24 00:27 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
793
|
9.8 |
CRITICAL
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which …
Update
|
CWE-94
Code Injection
|
CVE-2026-41242
|
2026-04-24 00:26 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
794
|
7.5 |
HIGH
Network
|
projectdiscovery
|
nuclei
|
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).
Update
|
CWE-94
Code Injection
|
CVE-2026-41282
|
2026-04-24 00:25 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
795
|
7.2 |
HIGH
Network
|
dell
|
powerprotect_dp_series_appliance
data_domain_operating_system
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.1…
Update
|
CWE-78
OS Command
|
CVE-2026-23774
|
2026-04-24 00:19 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
796
|
4.3 |
MEDIUM
Network
|
dify
|
dify
|
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2026-34082
|
2026-04-24 00:12 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
797
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged atta…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35235
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
798
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privilege…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35234
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
799
|
6.5 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerabi…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34308
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
800
|
4.9 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability a…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34304
|
2026-04-24 00:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
