|
251
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800
Update
|
CWE-78
OS Command
|
CVE-2026-34188
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
- |
|
-
|
-
|
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker t…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-23891
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
4.0 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame wit…
Update
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-33555
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
8.8 |
HIGH
Network
|
-
|
-
|
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute sh…
Update
|
CWE-94
Code Injection
|
CVE-2026-29955
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
8.1 |
HIGH
Network
|
-
|
-
|
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks mean…
Update
|
CWE-78
OS Command
|
CVE-2026-28291
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
8.2 |
HIGH
Network
|
-
|
-
|
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strin…
Update
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-32316
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.
Update
|
CWE-94
Code Injection
|
CVE-2026-31048
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
7.5 |
HIGH
Network
|
-
|
-
|
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by …
Update
|
CWE-125
CWE-193
Out-of-bounds Read
Off-by-one Error
|
CVE-2026-32605
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
4.3 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the inter…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33534
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
4.6 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-admin…
Update
|
CWE-80
CWE-116
Basic XSS
Improper Encoding or Escaping of Output
|
CVE-2026-33657
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
