|
1871
|
2.4 |
LOW
Physical
|
samsung
|
android
|
Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden notification contents.
|
NVD-CWE-noinfo
|
CVE-2026-21006
|
2026-04-14 03:38 |
2026-04-13 |
|
1872
|
6.5 |
MEDIUM
Adjacent
|
samsung
|
android
|
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows an adjacent attacker to access sensitive information.
|
NVD-CWE-noinfo
|
CVE-2026-21008
|
2026-04-14 03:38 |
2026-04-13 |
|
1873
|
7.5 |
HIGH
Network
|
ash-hq
|
ash_framework
|
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.conca…
|
CWE-400, CWE-770
Uncontrolled Resource Consumption; Allocation of Resources Without Limits or Throttling
|
CVE-2026-34593
|
2026-04-14 03:37 |
2026-04-3 |
|
1874
|
5.3 |
MEDIUM
Network
|
sillytavern
|
sillytavern
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version…
|
CWE-22
Path Traversal
|
CVE-2026-34523
|
2026-04-14 03:35 |
2026-04-3 |
|
1875
|
8.1 |
HIGH
Network
|
sillytavern
|
sillytavern
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version…
|
CWE-22, CWE-73
Path Traversal; External Control of File Name or Path
|
CVE-2026-34522
|
2026-04-14 03:34 |
2026-04-3 |
|
1876
|
9.8 |
CRITICAL
Network
|
microsoft
|
bing
|
Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-32186
|
2026-04-14 03:32 |
2026-04-4 |
|
1877
|
9.8 |
CRITICAL
Network
|
cloudreve
|
cloudreve
|
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to gen…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-25726
|
2026-04-14 03:31 |
2026-04-4 |
|
1878
|
10.0 |
CRITICAL
Network
|
zimaspace
|
zimaos
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-28798
|
2026-04-14 03:27 |
2026-04-4 |
|
1879
|
8.1 |
HIGH
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archi…
|
CWE-22
Path Traversal
|
CVE-2026-22661
|
2026-04-14 03:23 |
2026-04-4 |
|
1880
|
7.7 |
HIGH
Network
|
elastic
|
kibana
|
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122).…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-4498
|
2026-04-14 03:22 |
2026-04-9 |