|
1141
|
7.5 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export ro…
|
CWE-284
Improper Access Control
|
CVE-2026-40595
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1142
|
8.1 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40600
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1143
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return…
|
CWE-284
Improper Access Control
|
CVE-2026-40603
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1144
|
8.1 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end…
|
CWE-284
Improper Access Control
|
CVE-2026-40904
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1145
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6539
|
2026-05-2 00:29 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1146
|
4.6 |
MEDIUM
Network
|
-
|
-
|
SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7429
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1147
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-7324
|
2026-05-2 00:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1148
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3340
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1149
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al…
|
CWE-89
SQL Injection
|
CVE-2026-3346
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1150
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d…
|
CWE-22
Path Traversal
|
CVE-2026-4502
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
