|
241
|
7.9 |
HIGH
Network
|
-
|
-
|
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-43001
|
2026-05-2 00:33 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading …
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43003
|
2026-05-2 00:33 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
7.5 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query with…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40601
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any …
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-35514
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
7.5 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export ro…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40595
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
8.1 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40600
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40603
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
8.1 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40904
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious …
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6539
|
2026-05-2 00:29 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
8.8 |
HIGH
Network
|
-
|
-
|
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta…
New
|
CWE-78
OS Command
|
CVE-2026-7551
|
2026-05-2 00:29 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
