| 91 | 5.3 | MEDIUM, Network | - | - | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, … | New | CWE-200: Information Exposure | CVE-2026-39857 | 2026-04-16 23:16 | 2026-04-16 |
| 92 | - | | - | - | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to an Airflow version that contains the fix. Users are recommended to upgrade t… | New | CWE-532: Inclusion of Sensitive Information in Log Files | CVE-2026-31987 | 2026-04-16 23:16 | 2026-04-16 |
| 93 | 6.3 | MEDIUM, Local | adobe | acrobat acrobat_dc acrobat_reader_dc | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… | New | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-34626 | 2026-04-16 23:14 | 2026-04-15 |
| 94 | 8.6 | HIGH, Local | adobe | acrobat acrobat_dc acrobat_reader_dc | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… | New | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-34622 | 2026-04-16 23:14 | 2026-04-15 |
| 95 | 7.8 | HIGH, Local | openclaw | openclaw | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator… | New | CWE-648: Incorrect Use of Privileged APIs | CVE-2026-35625 | 2026-04-16 22:43 | 2026-04-10 |
| 96 | 5.9 | MEDIUM, Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows … | New | CWE-177: Improper Handling of URL Encoding (Hex Encoding) | CVE-2026-6414 | 2026-04-16 22:16 | 2026-04-16 |
| 97 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | New | - | CVE-2026-5968 | 2026-04-16 22:16 | 2026-04-16 |
| 98 | 7.5 | HIGH, Network | - | - | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfil… | New | - | CVE-2026-5756 | 2026-04-16 22:16 | 2026-04-15 |
| 99 | 6.1 | MEDIUM, Network | - | - | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized a… | New | - | CVE-2026-5754 | 2026-04-16 22:16 | 2026-04-15 |
| 100 | 7.5 | HIGH, Network | - | - | Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::… | New | CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CVE-2026-5088 | 2026-04-16 22:16 | 2026-04-15 |