|
271
|
7.7 |
HIGH
Network
|
-
|
-
|
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _…
Update
|
CWE-843
Type Confusion
|
CVE-2026-40683
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
8.8 |
HIGH
Network
|
-
|
-
|
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a…
Update
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-24893
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
- |
|
-
|
-
|
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. W…
Update
|
CWE-89
SQL Injection
|
CVE-2026-33714
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets th…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-33146
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoof…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-33193
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
4.9 |
MEDIUM
Network
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's…
Update
|
CWE-94
CWE-200
Code Injection
Information Exposure
|
CVE-2026-25125
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-25133
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
7.2 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because…
Update
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-33715
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
8.6 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessib…
Update
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-34160
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
- |
|
-
|
-
|
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality,…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34161
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
