|
371
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-1352
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
4.8 |
MEDIUM
Network
|
-
|
-
|
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-1726
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
9.8 |
CRITICAL
Network
|
-
|
-
|
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OA…
New
|
CWE-89
SQL Injection
|
CVE-2026-29198
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
7.8 |
HIGH
Local
|
-
|
-
|
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCam…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-32679
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-3621
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
7.5 |
HIGH
Network
|
-
|
-
|
A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system.
New
|
CWE-22
Path Traversal
|
CVE-2026-40062
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
- |
|
-
|
-
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate …
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41176
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
- |
|
-
|
-
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinf…
New
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-41179
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
4.9 |
MEDIUM
Network
|
-
|
-
|
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../…
New
|
CWE-22
Path Traversal
|
CVE-2026-4917
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
5.5 |
MEDIUM
Network
|
-
|
-
|
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the int…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4918
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
