|
81
|
- |
|
-
|
-
|
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is a…
New
|
-
|
CVE-2026-30269
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which i…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-29013
|
2026-04-21 02:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-26951
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln…
New
|
CWE-78
OS Command
|
CVE-2026-26943
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacke…
New
|
CWE-78
OS Command
|
CVE-2026-26942
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
New
|
CWE-22
CWE-184
Path Traversal
Incomplete Blacklist
|
CVE-2026-25525
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
8.1 |
HIGH
Network
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-25524
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
7.5 |
HIGH
Network
|
-
|
-
|
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/…
New
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-25058
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln…
New
|
CWE-78
OS Command
|
CVE-2026-24506
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-24505
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
