|
71
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40488
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
- |
|
-
|
-
|
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled lic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-40353
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
7.7 |
HIGH
Network
|
-
|
-
|
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets throu…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40348
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
8.8 |
HIGH
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the sessi…
Update
|
CWE-89
CWE-302
CWE-473
SQL Injection
Authentication Bypass by Assumed-Immutable Data
PHP External Variable Modification
|
CVE-2026-40285
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40098
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
- |
|
-
|
-
|
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as ins…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-3219
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper …
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-35154
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
3.1 |
LOW
Network
|
-
|
-
|
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML …
Update
|
CWE-20
CWE-79
CWE-116
Improper Input Validation
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-33436
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
3.7 |
LOW
Network
|
-
|
-
|
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked.
If you do not stor…
Update
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-32690
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
7.5 |
HIGH
Network
|
-
|
-
|
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker.…
Update
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-30912
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
