|
1481
|
4.3 |
MEDIUM
Network
|
plane
|
plane
|
Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the …
|
CWE-200 CWE-598 NVD-CWE-noinfo
Information Exposure; Information Exposure Through Query Strings in GET Request
|
CVE-2026-27949
|
2026-04-15 03:44 |
2026-04-8 |
|
1482
|
8.8 |
HIGH
Network
|
polarlearn
|
polarlearn
|
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. Th…
|
CWE-287
Improper Authentication
|
CVE-2026-39322
|
2026-04-15 03:44 |
2026-04-8 |
|
1483
|
5.1 |
MEDIUM
Local
|
ocaml
|
ocaml
|
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-34353
|
2026-04-15 03:43 |
2026-03-27 |
|
1484
|
7.5 |
HIGH
Network
|
qameta
|
allure_report
|
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path travers…
|
CWE-22
Path Traversal
|
CVE-2026-33166
|
2026-04-15 03:42 |
2026-03-21 |
|
1485
|
7.5 |
HIGH
Network
|
qameta
|
allure_report
|
Allure 2 is the 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to a file read …
|
CWE-22
Path Traversal
|
CVE-2026-33166
|
2026-04-15 03:42 |
2026-03-21 |
|
1486
|
7.4 |
HIGH
Network
|
effectful
|
effect
|
Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.…
|
CWE-362
Race Condition
|
CVE-2026-32887
|
2026-04-15 03:41 |
2026-03-21 |
|
1487
|
7.4 |
HIGH
Network
|
effectful
|
effect
|
Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or…
|
CWE-362
Race Condition
|
CVE-2026-32887
|
2026-04-15 03:41 |
2026-03-21 |
|
1488
|
7.5 |
HIGH
Network
|
qluster
|
deepdiff
|
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be lo…
|
CWE-400 CWE-770
Uncontrolled Resource Consumption; Allocation of Resources Without Limits or Throttling
|
CVE-2026-33155
|
2026-04-15 03:24 |
2026-03-21 |
|
1489
|
7.5 |
HIGH
Network
|
qluster
|
deepdiff
|
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle deserializer _Restricted…
|
CWE-400 CWE-770
Uncontrolled Resource Consumption; Allocation of Resources Without Limits or Throttling
|
CVE-2026-33155
|
2026-04-15 03:24 |
2026-03-21 |
|
1490
|
8.1 |
HIGH
Network
|
dynaconf
|
dynaconf
|
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolv…
|
CWE-94 CWE-1336 CWE-78
Code Injection; Improper Neutralization of Special Elements Used in a Template Engine; OS Command
|
CVE-2026-33154
|
2026-04-15 03:23 |
2026-03-21 |
|