|
261
|
8.8 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a fu…
Update
|
CWE-269
CWE-639
Improper Privilege Management
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38529
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
8.1 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38530
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
8.1 |
HIGH
Network
|
-
|
-
|
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanentl…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38532
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and acco…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-38533
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
4.9 |
MEDIUM
Network
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature …
Update
|
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-22692
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.
Update
|
CWE-843
Type Confusion
|
CVE-2025-70023
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
- |
|
-
|
-
|
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-0207
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
- |
|
-
|
-
|
Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.
Update
|
CWE-783
Operator Precedence Logic Error
|
CVE-2026-0209
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. Whe…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24907
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
- |
|
-
|
-
|
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-24906
|
2026-04-18 00:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
