|
141
|
7.5 |
HIGH
Network
|
-
|
-
|
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31317
|
2026-04-21 01:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
8.8 |
HIGH
Network
|
-
|
-
|
An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow ex…
Update
|
CWE-77
Command Injection
|
CVE-2026-30898
|
2026-04-21 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
8.8 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-26944
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-25917
|
2026-04-21 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL tha…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-25883
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
9.0 |
CRITICAL
Network
|
-
|
-
|
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-24467
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.1…
New
|
CWE-78
OS Command
|
CVE-2026-23774
|
2026-04-21 01:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
Update
|
CWE-77
Command Injection
|
CVE-2026-21709
|
2026-04-21 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of inten…
New
|
CWE-89
SQL Injection
|
CVE-2025-66335
|
2026-04-21 01:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
4.3 |
MEDIUM
Network
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-32202
|
2026-04-21 00:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
