| 2061 | 6.5 | MEDIUM | Network | emlog | emlog | Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the … | CWE-352 Origin Validation Error | CVE-2026-34228 | 2026-04-14 02:38 | 2026-04-4 |
| 2062 | 7.5 | HIGH | Network | djangoproject | django | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variant… | CWE-290 Authentication Bypass by Spoofing | CVE-2026-3902 | 2026-04-14 02:38 | 2026-04-8 |
| 2063 | 6.1 | MEDIUM | Network | emlog | emlog | Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issu… | CWE-79 Cross-site Scripting | CVE-2026-34229 | 2026-04-14 02:37 | 2026-04-4 |
| 2064 | 9.8 | CRITICAL | Network | djangoproject | django | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInl… | CWE-862 Missing Authorization | CVE-2026-4277 | 2026-04-14 02:37 | 2026-04-8 |
| 2065 | 7.2 | HIGH | Network | emlog | emlog | Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archive… | CWE-22 Path Traversal | CVE-2026-34607 | 2026-04-14 02:37 | 2026-04-4 |
| 2066 | 9.0 | CRITICAL | Network | kestra | kestra | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Exec… | CWE-89 SQL Injection | CVE-2026-34612 | 2026-04-14 02:36 | 2026-04-4 |
| 2067 | 2.7 | LOW | Network | djangoproject | django | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via for… | CWE-862 Missing Authorization | CVE-2026-4292 | 2026-04-14 02:34 | 2026-04-8 |
| 2068 | 6.5 | MEDIUM | Network | emlog | emlog | Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET requ… | CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | CVE-2026-34787 | 2026-04-14 02:32 | 2026-04-4 |
| 2069 | 6.5 | MEDIUM | Network | emlog | emlog | Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly in… | CWE-89 SQL Injection | CVE-2026-34788 | 2026-04-14 02:29 | 2026-04-4 |
| 2070 | 7.5 | HIGH | Network | mesop-dev | mesop | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocke… | CWE-125 Out-of-bounds Read; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-34824 | 2026-04-14 02:28 | 2026-04-4 |