| 1471 | 6.5 | MEDIUM Network | redaxo | redaxo | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting … | CWE-352 Origin Validation Error | CVE-2016-20053 | 2026-04-15 04:08 | 2026-04-4 |
| 1472 | 9.8 | CRITICAL Network | snewscms | snews | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2016-20052 | 2026-04-15 04:05 | 2026-04-4 |
| 1473 | 4.3 | MEDIUM Network | snewscms | snews | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can tric… | CWE-352 Origin Validation Error | CVE-2016-20051 | 2026-04-15 04:04 | 2026-04-4 |
| 1474 | 5.5 | MEDIUM Local | mcafee | netschedscan | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can past… | CWE-787 Out-of-bounds Write | CVE-2016-20050 | 2026-04-15 04:03 | 2026-04-4 |
| 1475 | 6.1 | MEDIUM Network | electronjs | electron | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alph… | CWE-668 Exposure of Resource to Wrong Sphere; CWE-1188 Insecure Default Initialization of Resource | CVE-2026-34780 | 2026-04-15 04:02 | 2026-04-4 |
| 1476 | 9.1 | CRITICAL Network | adobe | commerce commerce_b2b magento | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this … | CWE-20 Improper Input Validation | CVE-2025-54236 | 2026-04-15 04:00 | 2025-09-9 |
| 1477 | 10.0 | CRITICAL Network | praison | praisonai | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-p… | CWE-78 OS Command | CVE-2026-34955 | 2026-04-15 03:56 | 2026-04-4 |
| 1478 | 7.8 | HIGH Local | electronjs | electron | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo… | CWE-78 OS Command | CVE-2026-34779 | 2026-04-15 03:55 | 2026-04-4 |
| 1479 | 5.4 | MEDIUM Network | opensourcepos | open_source_point_of_sale | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sa… | CWE-79 Cross-site Scripting | CVE-2026-32712 | 2026-04-15 03:45 | 2026-04-8 |
| 1480 | 7.5 | HIGH Network | opentelemetry | opentelemetry | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-29181 | 2026-04-15 03:45 | 2026-04-8 |