|
451
|
- |
|
-
|
-
|
A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest.
1. Obtain any valid …
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6272
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
452
|
- |
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.
An authenticated attacker can show malicious content when browsin…
New
|
CWE-79
CWE-915
Cross-site Scripting
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-41043
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
453
|
- |
|
-
|
-
|
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-23902
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
454
|
- |
|
-
|
-
|
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation b…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4313
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
455
|
- |
|
-
|
-
|
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate…
New
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-6043
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
456
|
- |
|
-
|
-
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
An authenticated attacker may by…
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-40466
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
457
|
- |
|
-
|
-
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.
An authenticated attacker can use …
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-41044
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
458
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
New
|
CWE-200
Information Exposure
|
CVE-2026-21515
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
459
|
6.5 |
MEDIUM
Network
|
-
|
-
|
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng…
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5265
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
460
|
8.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca…
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5367
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
