|
601
|
7.6 |
HIGH
Network
|
openremote
|
openremote
|
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user wh…
New
|
CWE-611
XXE
|
CVE-2026-40882
|
2026-04-24 22:24 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
8.3 |
HIGH
Network
|
rustfs
|
rustfs
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40937
|
2026-04-24 22:12 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
7.0 |
HIGH
Network
|
openremote
|
openremote
|
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users…
New
|
CWE-284
Improper Access Control
|
CVE-2026-41166
|
2026-04-24 22:10 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
5.3 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-ref…
New
|
CWE-834
Excessive Iteration
|
CVE-2026-41168
|
2026-04-24 22:07 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
6.2 |
MEDIUM
Local
|
-
|
-
|
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly …
New
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-28950
|
2026-04-24 06:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause de…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-0186
|
2026-04-24 05:51 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause de…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-3922
|
2026-04-24 05:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause den…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-6016
|
2026-04-24 05:49 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authe…
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-9957
|
2026-04-24 05:46 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authe…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1660
|
2026-04-24 05:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
