| 1591 | 6.5 | MEDIUM | Network | powerdns | dnsdist | When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send D… | CWE-863 (Incorrect Authorization) | CVE-2026-24029 | 2026-04-15 01:24 | 2026-03-31 |
| 1592 | 7.5 | HIGH | Network | automattic | activitypub | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated users to access drafts/scheduled/pending posts. | NVD-CWE-noinfo | CVE-2026-4338 | 2026-04-15 01:23 | 2026-04-8 |
| 1593 | 8.0 | HIGH | Adjacent | tp-link | archer_ax53_firmware | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file… | CWE-78 (OS Command) | CVE-2026-30818 | 2026-04-15 01:20 | 2026-04-9 |
| 1594 | 5.7 | MEDIUM | Adjacent | tp-link | archer_ax53_firmware | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is pro… | CWE-15 (External Control of System or Configuration Setting), CWE-610 (Externally Controlled Reference to a Resource in Another Sphere) | CVE-2026-30817 | 2026-04-15 01:19 | 2026-04-9 |
| 1595 | 5.7 | MEDIUM | Adjacent | tp-link | archer_ax53_firmware | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is p… | CWE-15 (External Control of System or Configuration Setting), CWE-610 (Externally Controlled Reference to a Resource in Another Sphere) | CVE-2026-30816 | 2026-04-15 01:19 | 2026-04-9 |
| 1596 | 8.0 | HIGH | Adjacent | tp-link | archer_ax53_firmware | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration fil… | CWE-78 (OS Command) | CVE-2026-30815 | 2026-04-15 01:19 | 2026-04-9 |
| 1597 | 8.0 | HIGH | Adjacent | tp-link | archer_ax53_firmware | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via … | CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write) | CVE-2026-30814 | 2026-04-15 01:19 | 2026-04-9 |
| 1598 | 7.8 | HIGH | Local | amazon | athena_odbc | Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authenticatio… | CWE-77 (Command Injection) | CVE-2026-35558 | 2026-04-15 01:17 | 2026-04-4 |
| 1599 | 7.5 | HIGH | Network | montala | resourcespace | ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can… | CWE-89 (SQL Injection) | CVE-2019-25662 | 2026-04-15 01:16 | 2026-04-6 |
| 1600 | 4.7 | MEDIUM | Network | - | - | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | CWE-601 (Open Redirect) | CVE-2026-39484 | 2026-04-15 01:16 | 2026-04-8 |