| 1541 | 9.8 | CRITICAL | Network | itsourcecode | online_student_enrollment_system | A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['… | CWE-89 SQL Injection | CVE-2026-36232 | 2026-04-15 02:40 | 2026-04-11 |
| 1542 | 7.5 | HIGH | Network | gitlab | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause d… | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-1092 | 2026-04-15 02:38 | 2026-04-9 |
| 1543 | 7.5 | HIGH | Network | hono | node-server | @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. p… | CWE-863 Incorrect Authorization | CVE-2026-29087 | 2026-04-15 02:36 | 2026-03-7 |
| 1544 | 7.5 | HIGH | Network | hono | node-server | @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with middleware protections based… | CWE-863 Incorrect Authorization | CVE-2026-29087 | 2026-04-15 02:36 | 2026-03-7 |
| 1545 | 8.8 | HIGH | Network | monospace | directus | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this va… | CWE-284 Improper Access Control; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-39942 | 2026-04-15 02:36 | 2026-04-10 |
| 1546 | 8.8 | HIGH | Network | google | clasp | Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with dir… | CWE-22 Path Traversal | CVE-2026-4092 | 2026-04-15 02:34 | 2026-03-14 |
| 1547 | 8.8 | HIGH | Network | google | clasp | Path traversal in Clasp affecting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing names… | CWE-22 Path Traversal | CVE-2026-4092 | 2026-04-15 02:34 | 2026-03-14 |
| 1548 | 6.5 | MEDIUM | Network | monospace | directus | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due … | CWE-200 Information Exposure; CWE-312 Cleartext Storage of Sensitive Information | CVE-2026-39943 | 2026-04-15 02:34 | 2026-04-10 |
| 1549 | 3.5 | LOW | Network | telesquare | sdt-cs3b1_firmware | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing re… | CWE-352 Origin Validation Error | CVE-2017-20221 | 2026-04-15 02:29 | 2026-03-16 |
| 1550 | 3.5 | LOW | Network | telesquare | sdt-cs3b1_firmware | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands… | CWE-352 Origin Validation Error | CVE-2017-20221 | 2026-04-15 02:29 | 2026-03-16 |