|
91
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation…
|
CWE-20
Improper Input Validation
|
CVE-2026-24504
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading …
|
CWE-78
OS Command
|
CVE-2026-22761
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-66954
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
3.7 |
LOW
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/r…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-33877
|
2026-04-21 02:05 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
5.3 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type …
|
CWE-200
CWE-863
Information Exposure
Incorrect Authorization
|
CVE-2026-33888
|
2026-04-21 02:04 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
5.4 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color …
|
CWE-79
Cross-site Scripting
|
CVE-2026-33889
|
2026-04-21 02:03 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
5.3 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, …
|
CWE-200
Information Exposure
|
CVE-2026-39857
|
2026-04-21 02:03 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
4.3 |
MEDIUM
Network
|
apache
|
pdfbox
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.
This issue affects the
ExtractEmbeddedFiles example in Apache PDFBox: from 2.…
|
CWE-22
Path Traversal
|
CVE-2026-33929
|
2026-04-21 01:58 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
6.1 |
MEDIUM
Network
|
leafletjs
|
leaflet
|
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing …
|
CWE-79
Cross-site Scripting
|
CVE-2025-69993
|
2026-04-21 01:55 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
7.5 |
HIGH
Network
|
apache
|
airflow
|
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Users are advised to upgrade to Airflow version that contains fix.
Users are recommended to upgrade t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-31987
|
2026-04-21 01:54 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
