| 1451 | 7.8 | HIGH Local | fleetdm | fleet | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates i… | CWE-78 OS Command | CVE-2026-27806 | 2026-04-15 04:31 | 2026-04-9 |
| 1452 | 5.7 | MEDIUM Adjacent | lfprojects | mcp_java_sdk | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to acc… | CWE-346 Origin Validation Error | CVE-2026-35568 | 2026-04-15 04:31 | 2026-04-8 |
| 1453 | 9.1 | CRITICAL Network | qd-today | qd | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2023-46945 | 2026-04-15 04:29 | 2026-04-9 |
| 1454 | 7.2 | HIGH Network | dreamfactory | dreamfactory_core | An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. | CWE-22 Path Traversal | CVE-2025-55988 | 2026-04-15 04:27 | 2026-03-21 |
| 1455 | 7.2 | HIGH Network | dreamfactory | dreamfactory_core | An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. | CWE-22 Path Traversal | CVE-2025-55988 | 2026-04-15 04:27 | 2026-03-21 |
| 1456 | 5.4 | MEDIUM Network | syncfusion | syncfusion | SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message. | CWE-79 Cross-site Scripting | CVE-2025-63260 | 2026-04-15 04:26 | 2026-03-21 |
| 1457 | 5.4 | MEDIUM Network | syncfusion | syncfusion | SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document Editor reply-to-comment field and the Chat UI chat message. | CWE-79 Cross-site Scripting | CVE-2025-63260 | 2026-04-15 04:26 | 2026-03-21 |
| 1458 | 6.3 | MEDIUM Network | librechat | librechat | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments us… | CWE-22 Path Traversal | CVE-2026-34371 | 2026-04-15 04:24 | 2026-04-8 |
| 1459 | 5.5 | MEDIUM Local | flatpak | xdg-dbus-proxy | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules b… | CWE-1289 NVD-CWE-noinfo Improper Validation of Unsafe Equivalence in Input | CVE-2026-34080 | 2026-04-15 04:23 | 2026-04-8 |
| 1460 | 5.3 | MEDIUM Network | - | - | Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data. This issue affects Sunshine Photo … | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2026-39564 | 2026-04-15 04:16 | 2026-04-8 |