| 541 | 5.3 | MEDIUM | Network | - | - | The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders … | New | CWE-200 | Information Exposure | CVE-2026-4106 | 2026-04-24 03:16 | 2026-04-23 |
| 542 | 6.9 | MEDIUM | Network | - | - | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP… | New | CWE-79, CWE-1321 | Cross-site Scripting; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-41238 | 2026-04-24 03:16 | 2026-04-24 |
| 543 | 7.2 | HIGH | Network | - | - | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass t… | New | CWE-23 | Relative Path Traversal | CVE-2026-33733 | 2026-04-24 03:16 | 2026-04-23 |
| 544 | 7.5 | HIGH | Network | oracle | hcm_common_architecture | Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable… | New | CWE-200 | Information Exposure | CVE-2026-34297 | 2026-04-24 03:10 | 2026-04-22 |
| 545 | 6.5 | MEDIUM | Network | jupyter | nbconvert | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intend… | New | CWE-22, CWE-73 | Path Traversal; External Control of File Name or Path | CVE-2026-39377 | 2026-04-24 02:51 | 2026-04-21 |
| 546 | 6.5 | MEDIUM | Network | jupyter | nbconvert | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's mark… | New | CWE-22, CWE-73 | Path Traversal; External Control of File Name or Path | CVE-2026-39378 | 2026-04-24 02:50 | 2026-04-21 |
| 547 | 8.1 | HIGH | Network | openmage | magento | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr… | Update | CWE-502 | Deserialization of Untrusted Data | CVE-2026-25524 | 2026-04-24 02:47 | 2026-04-21 |
| 548 | 4.9 | MEDIUM | Network | openmage | magento | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr… | Update | CWE-22, CWE-184 | Path Traversal; Incomplete Blacklist | CVE-2026-25525 | 2026-04-24 02:47 | 2026-04-21 |
| 549 | 5.4 | MEDIUM | Network | openmage | magento | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr… | Update | CWE-862 | Missing Authorization | CVE-2026-40098 | 2026-04-24 02:46 | 2026-04-21 |
| 550 | 8.8 | HIGH | Network | openmage | magento | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr… | Update | CWE-434 | Unrestricted Upload of File with Dangerous Type | CVE-2026-40488 | 2026-04-24 02:45 | 2026-04-21 |