| 521 | 6.5 | MEDIUM | Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path … | New | CWE-22 | Path Traversal | CVE-2026-40909 | 2026-04-24 03:55 | 2026-04-22 |
| 522 | 6.1 | MEDIUM | Network | oracle | identity_manager | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitabl… | New | CWE-284, CWE-601 | Improper Access Control, Open Redirect | CVE-2026-34283 | 2026-04-24 03:50 | 2026-04-22 |
| 523 | 6.1 | MEDIUM | Network | oracle | business_process_management_suite | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.… | New | CWE-284, CWE-601 | Improper Access Control, Open Redirect | CVE-2026-34284 | 2026-04-24 03:50 | 2026-04-22 |
| 524 | 8.7 | HIGH | Network | oracle | http_server | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability… | New | CWE-284 | Improper Access Control | CVE-2026-34291 | 2026-04-24 03:48 | 2026-04-22 |
| 525 | 7.2 | HIGH | Network | oracle | weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili… | New | CWE-284 | Improper Access Control | CVE-2026-34292 | 2026-04-24 03:47 | 2026-04-22 |
| 526 | 8.8 | HIGH | Network | nicolargo | glances | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation … | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-35587 | 2026-04-24 03:42 | 2026-04-21 |
| 527 | 9.8 | CRITICAL | Network | reconurge | flowsint | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to ma… | New | CWE-78 | OS Command | CVE-2026-32311 | 2026-04-24 03:41 | 2026-04-21 |
| 528 | 8.4 | HIGH | Local | gitlawb | openclaude | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool… | New | CWE-22, CWE-284 | Path Traversal, Improper Access Control | CVE-2026-35570 | 2026-04-24 03:37 | 2026-04-21 |
| 529 | 10.0 | CRITICAL | Network | anthropic | claude_code | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Clau… | New | CWE-22, CWE-61 | Path Traversal, UNIX Symbolic Link (Symlink) Following | CVE-2026-39861 | 2026-04-24 03:36 | 2026-04-21 |
| 530 | 5.3 | MEDIUM | Network | netfoundry | zrok | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (controller/unaccess.go) contains a logical error in its ownership guard: when a … | Update | CWE-284, CWE-863 | Improper Access Control, Incorrect Authorization | CVE-2026-40304 | 2026-04-24 03:33 | 2026-04-18 |