|
2001
|
8.7 |
HIGH
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An aut…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34748
|
2026-04-14 04:13 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2002
|
7.8 |
HIGH
Local
|
microsoft
|
office
visual_basic_for_applications
visual_basic_for_applications_sdk
|
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic…
|
NVD-CWE-Other
CWE-426
Untrusted Search Path
|
CVE-2012-1854
|
2026-04-14 04:00 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2003
|
7.8 |
HIGH
Local
|
microsoft
|
office
visual_basic_for_applications
visual_basic_for_applications_sdk
|
Vulnerabilidad de búsqueda de ruta no confiable ("Untrusted search path") en VBE6.dll en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Microsoft Visual Basic para Applications (VBA)…
|
NVD-CWE-Other
CWE-426
Untrusted Search Path
|
CVE-2012-1854
|
2026-04-14 04:00 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2004
|
8.2 |
HIGH
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL …
|
CWE-89
SQL Injection
|
CVE-2026-34747
|
2026-04-14 03:53 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2005
|
7.7 |
HIGH
Network
|
payloadcms
|
payload
|
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Au…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34746
|
2026-04-14 03:52 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2006
|
9.8 |
CRITICAL
Network
|
hackerbay
|
oneuptime
|
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-35053
|
2026-04-14 03:46 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2007
|
8.6 |
HIGH
Network
|
praison
|
praisonaiagents
|
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34954
|
2026-04-14 03:46 |
2026-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2008
|
8.1 |
HIGH
Network
|
hackerbay
|
oneuptime
|
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verific…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-34840
|
2026-04-14 03:46 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2009
|
8.1 |
HIGH
Network
|
hackerbay
|
oneuptime
|
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoi…
|
CWE-862
Missing Authorization
|
CVE-2026-34759
|
2026-04-14 03:45 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2010
|
8.8 |
HIGH
Network
|
sillytavern
|
sillytavern
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version…
|
CWE-22
Path Traversal
|
CVE-2026-34524
|
2026-04-14 03:43 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
