|
731
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability …
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2025-31991
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
732
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq…
|
CWE-20
Improper Input Validation
|
CVE-2026-6231
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
733
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks cou…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2025-3756
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
734
|
- |
|
-
|
-
|
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-u…
|
CWE-416 CWE-787
Use After Free Out-of-bounds Write
|
CVE-2026-6100
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
735
|
- |
|
-
|
-
|
Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the …
|
CWE-77
Command Injection
|
CVE-2026-4786
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
736
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in tim…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-5086
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
737
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed …
|
CWE-79
Cross-site Scripting
|
CVE-2026-0512
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
738
|
4.2 |
MEDIUM
Network
|
-
|
-
|
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauth…
|
CWE-539
Use of Persistent Cookies Containing Sensitive Information
|
CVE-2026-24318
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
739
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a lo…
|
CWE-862
Missing Authorization
|
CVE-2026-27672
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|
|
740
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operation…
|
CWE-862
Missing Authorization
|
CVE-2026-27673
|
2026-04-18 00:18 |
2026-04-14 |
|
|
|