|
121
|
9.8 |
CRITICAL
Network
|
dataease
|
dataease
|
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST…
|
CWE-89
SQL Injection
|
CVE-2026-33082
|
2026-04-21 01:34 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Th…
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-6652
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
2.4 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item N…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6651
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation lead…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6650
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiter…
|
CWE-521
Weak Password Requirements
|
CVE-2026-6284
|
2026-04-21 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
7.1 |
HIGH
Network
|
-
|
-
|
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur wi…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-6066
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered usin…
|
CWE-94
Code Injection
|
CVE-2026-5760
|
2026-04-21 01:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
4.0 |
MEDIUM
Network
|
-
|
-
|
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).
|
CWE-94
Code Injection
|
CVE-2026-41282
|
2026-04-21 01:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controll…
|
CWE-22
Path Traversal
|
CVE-2026-41245
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
5.8 |
MEDIUM
Local
|
-
|
-
|
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
|
CWE-77
Command Injection
|
CVE-2026-41153
|
2026-04-21 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
