|
441
|
6.1 |
MEDIUM
Local
|
-
|
-
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for exampl…
New
|
CWE-22
Path Traversal
|
CVE-2026-29050
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
4.4 |
MEDIUM
Local
|
-
|
-
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `me…
New
|
CWE-22
Path Traversal
|
CVE-2026-29051
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
7.6 |
HIGH
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API rou…
New
|
CWE-89
CWE-184
SQL Injection
Incomplete Blacklist
|
CVE-2026-31952
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
5.3 |
MEDIUM
Network
|
-
|
-
|
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash a…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-32952
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
- |
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote …
New
|
CWE-22
Path Traversal
|
CVE-2026-33076
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
- |
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/…
New
|
CWE-89
SQL Injection
|
CVE-2026-33078
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-31953
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31955
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL t…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-31956
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, it is not escaped a seco…
New
|
CWE-91
Blind XPath Injection
|
CVE-2026-32870
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
