|
101
|
7.5 |
HIGH
Network
|
-
|
-
|
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repo…
New
|
CWE-200
CWE-202
CWE-209
Information Exposure
Exposure of Sensitive Information Through Data Queries
Information Exposure Through an Error Message
|
CVE-2026-40245
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered o…
New
|
CWE-200
CWE-215
Information Exposure
Insertion of Sensitive Information Into Debugging Code
|
CVE-2026-40173
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS devic…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-3861
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and acco…
New
|
CWE-285
Improper Authorization
|
CVE-2026-38533
|
2026-04-16 22:16 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-33889
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2…
New
|
CWE-75
Special Element Injection
|
CVE-2026-31908
|
2026-04-16 22:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment…
New
|
CWE-284
Improper Access Control
|
CVE-2026-31843
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-31049
|
2026-04-16 22:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
7.5 |
HIGH
Network
|
-
|
-
|
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.
Users are recom…
New
|
CWE-202
Exposure of Sensitive Information Through Data Queries
|
CVE-2026-30778
|
2026-04-16 22:16 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesyst…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-30480
|
2026-04-16 22:16 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
