|
331
|
- |
|
-
|
-
|
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This re…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6376
|
2026-04-24 23:50 |
2026-04-24 |
|
332
|
7.1 |
HIGH
Local
|
-
|
-
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the …
New
|
CWE-22
Path Traversal
|
CVE-2026-6940
|
2026-04-24 23:50 |
2026-04-24 |
|
333
|
6.6 |
MEDIUM
Local
|
-
|
-
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic…
New
|
CWE-59
Link Following
|
CVE-2026-6941
|
2026-04-24 23:50 |
2026-04-24 |
|
334
|
9.8 |
CRITICAL
Network
|
-
|
-
|
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26210
|
2026-04-24 23:50 |
2026-04-24 |
|
335
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execut…
New
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41274
|
2026-04-24 23:50 |
2026-04-24 |
|
336
|
6.1 |
MEDIUM
Local
|
-
|
-
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for exampl…
New
|
CWE-22
Path Traversal
|
CVE-2026-29050
|
2026-04-24 23:50 |
2026-04-24 |
|
337
|
4.4 |
MEDIUM
Local
|
-
|
-
|
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `me…
New
|
CWE-22
Path Traversal
|
CVE-2026-29051
|
2026-04-24 23:50 |
2026-04-24 |
|
338
|
7.6 |
HIGH
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API rou…
New
|
CWE-89 CWE-184
SQL Injection Incomplete Blacklist
|
CVE-2026-31952
|
2026-04-24 23:50 |
2026-04-24 |
|
339
|
5.3 |
MEDIUM
Network
|
-
|
-
|
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash a…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-32952
|
2026-04-24 23:50 |
2026-04-24 |
|
340
|
- |
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote …
New
|
CWE-22
Path Traversal
|
CVE-2026-33076
|
2026-04-24 23:50 |
2026-04-24 |