| 541 | 6.5 | MEDIUM Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any … | CWE-306: Missing Authentication for Critical Function | CVE-2026-35514 | 2026-05-2 00:31 | 2026-05-1 |
| 542 | 7.5 | HIGH Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export ro… | CWE-284: Improper Access Control | CVE-2026-40595 | 2026-05-2 00:31 | 2026-05-1 |
| 543 | 8.1 | HIGH Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on… | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-40600 | 2026-05-2 00:31 | 2026-05-1 |
| 544 | 7.5 | HIGH Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query with… | CWE-862: Missing Authorization | CVE-2026-40601 | 2026-05-2 00:31 | 2026-05-1 |
| 545 | 6.5 | MEDIUM Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return… | CWE-284: Improper Access Control | CVE-2026-40603 | 2026-05-2 00:31 | 2026-05-1 |
| 546 | 8.1 | HIGH Network | - | - | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end… | CWE-284: Improper Access Control | CVE-2026-40904 | 2026-05-2 00:31 | 2026-05-1 |
| 547 | 4.4 | MEDIUM Local | - | - | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious … | CWE-134: Use of Externally-Controlled Format String | CVE-2026-6539 | 2026-05-2 00:29 | 2026-05-1 |
| 548 | 4.6 | MEDIUM Network | - | - | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t… | CWE-79: Cross-site Scripting | CVE-2026-7429 | 2026-05-2 00:28 | 2026-05-1 |
| 549 | - | | - | - | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overw… | CWE-120: Classic Buffer Overflow | CVE-2026-33446 | 2026-05-2 00:28 | 2026-05-1 |
| 550 | - | | - | - | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrit… | CWE-121: Stack-based Buffer Overflow | CVE-2026-33447 | 2026-05-2 00:28 | 2026-05-1 |