|
1521
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When …
|
CWE-416
Use After Free
|
CVE-2026-3777
|
2026-04-15 02:54 |
2026-04-1 |
|
1522
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-3778
|
2026-04-15 02:50 |
2026-04-1 |
|
1523
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, on pass…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-3778
|
2026-04-15 02:50 |
2026-04-1 |
|
1524
|
4.8 |
MEDIUM
Adjacent
|
openwrt
|
luci openwrt
|
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendere…
|
CWE-79
Cross-site Scripting
|
CVE-2026-32721
|
2026-04-15 02:49 |
2026-03-20 |
|
1525
|
4.8 |
MEDIUM
Adjacent
|
openwrt
|
luci openwrt
|
LuCI is the OpenWrt configuration interface. Versions prior to 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where the val…
|
CWE-79
Cross-site Scripting
|
CVE-2026-32721
|
2026-04-15 02:49 |
2026-03-20 |
|
1526
|
8.8 |
HIGH
Network
|
getqui
|
qui
|
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials…
|
CWE-942 NVD-CWE-Other
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-30924
|
2026-04-15 02:48 |
2026-03-20 |
|
1527
|
8.8 |
HIGH
Network
|
getqui
|
qui
|
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins and also returns Access-Con…
|
CWE-942 NVD-CWE-Other
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-30924
|
2026-04-15 02:48 |
2026-03-20 |
|
1528
|
7.5 |
HIGH
Network
|
windmill
|
windmill
|
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill…
|
CWE-22
Path Traversal
|
CVE-2026-29059
|
2026-04-15 02:48 |
2026-03-6 |
|
1529
|
7.5 |
HIGH
Network
|
windmill
|
windmill
|
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and user interfaces. Prior to version 1.603.3, there is …
|
CWE-22
Path Traversal
|
CVE-2026-29059
|
2026-04-15 02:48 |
2026-03-6 |
|
1530
|
2.7 |
LOW
Network
|
oretnom23
|
computer_and_mobile_repair_shop_management_system
|
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
|
CWE-89
SQL Injection
|
CVE-2026-36947
|
2026-04-15 02:43 |
2026-04-13 |
|