| 71 | 8.8 | HIGH, Network | langflow | langflow | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of… (New) | CWE-502 Deserialization of Untrusted Data | CVE-2026-3357 | 2026-04-15 06:28 | 2026-04-8 |
| 72 | 7.7 | HIGH, Network | - | - | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _… (New) | CWE-843 Type Confusion | CVE-2026-40683 | 2026-04-15 06:16 | 2026-04-15 |
| 73 | - | | - | - | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality,… (New) | CWE-79 Cross-site Scripting | CVE-2026-34161 | 2026-04-15 06:16 | 2026-04-15 |
| 74 | 8.6 | HIGH, Network | - | - | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessib… (New) | CWE-306 Missing Authentication for Critical Function; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-34160 | 2026-04-15 06:16 | 2026-04-15 |
| 75 | 7.2 | HIGH, Network | - | - | Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because… (New) | CWE-306 Missing Authentication for Critical Function; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-33715 | 2026-04-15 06:16 | 2026-04-15 |
| 76 | - | | - | - | Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. W… (New) | CWE-89 SQL Injection | CVE-2026-33714 | 2026-04-15 06:16 | 2026-04-15 |
| 77 | 7.8 | HIGH, Local | - | - | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. A… (New) | CWE-125 Out-of-bounds Read | CVE-2026-27287 | 2026-04-15 06:16 | 2026-04-15 |
| 78 | - | | - | - | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex p… (New) | CWE-79 Cross-site Scripting | CVE-2026-25133 | 2026-04-15 06:16 | 2026-04-15 |
| 79 | 4.9 | MEDIUM, Network | - | - | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's… (New) | CWE-94 Code Injection; CWE-200 Information Exposure | CVE-2026-25125 | 2026-04-15 06:16 | 2026-04-15 |
| 80 | 8.8 | HIGH, Network | - | - | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows a… (New) | CWE-20 Improper Input Validation; CWE-78 OS Command | CVE-2026-24893 | 2026-04-15 06:16 | 2026-04-15 |