| 101 | 7.5 | HIGH Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) functi… | New | CWE-79 Cross-site Scripting | CVE-2026-40286 | 2026-04-18 06:16 | 2026-04-18 |
| 102 | 8.8 | HIGH Network | - | - | WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the sessi… | New | CWE-89 SQL Injection; CWE-302 Authentication Bypass by Assumed-Immutable Data; CWE-473 PHP External Variable Modification | CVE-2026-40285 | 2026-04-18 06:16 | 2026-04-18 |
| 103 | 6.8 | MEDIUM Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the … | New | CWE-79 Cross-site Scripting | CVE-2026-40284 | 2026-04-18 06:16 | 2026-04-18 |
| 104 | - | | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the… | New | CWE-79 Cross-site Scripting | CVE-2026-40282 | 2026-04-18 06:16 | 2026-04-18 |
| 105 | 8.1 | HIGH Network | - | - | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,… | New | CWE-708 Incorrect Ownership Assignment | CVE-2026-40196 | 2026-04-18 06:16 | 2026-04-18 |
| 106 | 5.4 | MEDIUM Network | - | - | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the prox… | New | CWE-362 Race Condition; CWE-863 Incorrect Authorization | CVE-2026-40155 | 2026-04-18 06:16 | 2026-04-18 |
| 107 | - | | - | - | Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without va… | New | CWE-426 Untrusted Search Path | CVE-2026-35603 | 2026-04-18 06:16 | 2026-04-18 |
| 108 | - | | - | - | xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-con… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-35512 | 2026-04-18 06:16 | 2026-04-18 |
| 109 | - | | - | - | mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentia… | New | CWE-284 Improper Access Control | CVE-2026-35402 | 2026-04-18 06:16 | 2026-04-18 |
| 110 | - | | - | - | xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger… | New | CWE-125 Out-of-bounds Read | CVE-2026-33689 | 2026-04-18 06:16 | 2026-04-18 |