|
111
|
4.9 |
MEDIUM
Network
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's…
New
|
CWE-94
CWE-200
Code Injection
Information Exposure
|
CVE-2026-25125
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex p…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-25133
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
7.2 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because…
New
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-33715
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoof…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-33193
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34212
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated us…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-34213
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
- |
|
-
|
-
|
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hash…
New
|
CWE-441
Confused Deputy
|
CVE-2026-39906
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
8.6 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessib…
New
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-34160
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
- |
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality,…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34161
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
7.0 |
HIGH
Local
|
-
|
-
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single…
New
|
CWE-416
Use After Free
|
CVE-2026-33018
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
