|
11
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api…
New
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2026-24468
|
2026-04-21 03:59 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE de…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40494
|
2026-04-21 03:55 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40492
|
2026-04-21 03:55 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40493
|
2026-04-21 03:55 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
8.8 |
HIGH
Network
|
-
|
-
|
Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attacker…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-34427
|
2026-04-21 03:54 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
7.7 |
HIGH
Network
|
-
|
-
|
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl witho…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34428
|
2026-04-21 03:54 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34429
|
2026-04-21 03:54 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping…
New
|
CWE-94
Code Injection
|
CVE-2026-39918
|
2026-04-21 03:54 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
- |
|
-
|
-
|
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticat…
New
|
-
|
CVE-2026-39109
|
2026-04-21 03:51 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
- |
|
-
|
-
|
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows…
New
|
-
|
CVE-2026-39110
|
2026-04-21 03:51 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
