|
1821
|
6.1 |
MEDIUM
Network
|
pi-hole
|
web_interface
|
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33406
|
2026-04-14 11:04 |
2026-04-7 |
|
|
|
|
1822
|
7.8 |
HIGH
Local
|
twitch
|
twitch_studio
|
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unpro…
|
CWE-862
Missing Authorization
|
CVE-2024-14032
|
2026-04-14 11:01 |
2026-04-7 |
|
|
|
|
1823
|
7.5 |
HIGH
Network
|
fedify
|
fedify vocab-runtime
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote doc…
|
CWE-400 CWE-770
Uncontrolled Resource Consumption Allocation of Resources Without Limits or Throttling
|
CVE-2026-34148
|
2026-04-14 10:58 |
2026-04-7 |
|
|
|
|
1824
|
5.0 |
MEDIUM
Network
|
openstack
|
glance
|
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34881
|
2026-04-14 10:51 |
2026-03-31 |
|
|
|
|
1825
|
5.0 |
MEDIUM
Network
|
openstack
|
glance
|
OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34881
|
2026-04-14 10:51 |
2026-03-31 |
|
|
|
|
1826
|
5.3 |
MEDIUM
Network
|
tautulli
|
tautulli
|
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Med…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31804
|
2026-04-14 10:43 |
2026-03-31 |
|
|
|
|
1827
|
5.3 |
MEDIUM
Network
|
tautulli
|
tautulli
|
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts an 'img' parameter supplied by the…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31804
|
2026-04-14 10:43 |
2026-03-31 |
|
|
|
|
1828
|
5.3 |
MEDIUM
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails to enforce user group-based access…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34364
|
2026-04-14 10:22 |
2026-03-28 |
|
|
|
|
1829
|
6.1 |
MEDIUM
Network
|
xinliangcoder
|
php_api_doc
|
XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.php that allows remote attackers to execute arbitrary JavaScript in a victim's …
|
CWE-79
Cross-site Scripting
|
CVE-2026-32844
|
2026-04-14 10:19 |
2026-03-21 |
|
|
|
|
1830
|
6.1 |
MEDIUM
Network
|
xinliangcoder
|
php_api_doc
|
XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.php that allows remote attackers to execute arbitrary JavaScript …
|
CWE-79
Cross-site Scripting
|
CVE-2026-32844
|
2026-04-14 10:19 |
2026-03-21 |
|
|
|