|
461
|
7.5 |
HIGH
Network
|
-
|
-
|
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A mal…
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41324
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
- |
|
-
|
-
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41430
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
7.7 |
HIGH
Network
|
-
|
-
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user wit…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-41485
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
7.6 |
HIGH
Network
|
wger
|
wger
|
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead…
Update
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-40474
|
2026-04-24 23:46 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
5.4 |
MEDIUM
Network
|
wger
|
wger
|
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled lic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-40353
|
2026-04-24 23:46 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41170
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protectio…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41171
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41172
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). Th…
New
|
CWE-73
CWE-918
External Control of File Name or Path
Server-Side Request Forgery (SSRF)
|
CVE-2026-41177
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger …
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-33999
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
