|
211
|
8.3 |
HIGH
Network
|
-
|
-
|
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by man…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40516
|
2026-04-18 02:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
7.5 |
HIGH
Network
|
-
|
-
|
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attac…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-40515
|
2026-04-18 02:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
3.3 |
LOW
Local
|
-
|
-
|
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious…
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-40505
|
2026-04-18 02:17 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and incl…
New
|
CWE-22
Path Traversal
|
CVE-2026-3464
|
2026-04-18 02:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
5.5 |
MEDIUM
Local
|
juniper
|
junos
|
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker wit…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-33786
|
2026-04-18 02:14 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
5.5 |
MEDIUM
Local
|
juniper
|
junos
|
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local att…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-33787
|
2026-04-18 02:12 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.5 |
HIGH
Network
|
juniper
|
junos
|
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-33790
|
2026-04-18 02:11 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
7.8 |
HIGH
Local
|
ether_software
|
easy_video_to_ipod_converter
|
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25701
|
2026-04-18 02:01 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
8.8 |
HIGH
Network
|
impresscms
|
impresscms
|
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacke…
Update
|
CWE-89
SQL Injection
|
CVE-2019-25703
|
2026-04-18 01:51 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
7.1 |
HIGH
Network
|
gurkanuzunca
|
newsbull
|
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and b…
Update
|
CWE-89
SQL Injection
|
CVE-2019-25699
|
2026-04-18 01:43 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
