|
1891
|
5.5 |
MEDIUM
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. Prior to version 26.0, the 'run()' function of the Scheduler plugin in 'plugin/Scheduler/Scheduler.php' calls 'url_get_contents()' with a 'c…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33237
|
2026-04-14 03:16 |
2026-03-21 |
|
|
|
|
1892
|
3.1 |
LOW
Network
|
-
|
-
|
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML d…
|
CWE-843
Type Confusion
|
CVE-2025-11731
|
2026-04-14 03:16 |
2025-10-14 |
|
|
|
|
1893
|
3.3 |
LOW
Local
|
samsung
|
android
|
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
|
NVD-CWE-noinfo
|
CVE-2026-21012
|
2026-04-14 03:16 |
2026-04-13 |
|
|
|
|
1894
|
6.8 |
MEDIUM
Physical
|
samsung
|
android
|
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-21011
|
2026-04-14 03:15 |
2026-04-13 |
|
|
|
|
1895
|
7.5 |
HIGH
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized u…
|
CWE-862
Missing Authorization
|
CVE-2026-22663
|
2026-04-14 03:15 |
2026-04-4 |
|
|
|
|
1896
|
7.8 |
HIGH
Local
|
samsung
|
android
|
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
|
NVD-CWE-noinfo
|
CVE-2026-21010
|
2026-04-14 03:14 |
2026-04-13 |
|
|
|
|
1897
|
7.7 |
HIGH
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-22664
|
2026-04-14 03:13 |
2026-04-4 |
|
|
|
|
1898
|
8.1 |
HIGH
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing a…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-22665
|
2026-04-14 03:10 |
2026-04-4 |
|
|
|
|
1899
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-5868
|
2026-04-14 03:10 |
2026-04-9 |
|
|
|
|
1900
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-472, CWE-190
External Control of Assumed-Immutable Web Parameter; Integer Overflow or Wraparound
|
CVE-2026-5870
|
2026-04-14 03:08 |
2026-04-9 |
|
|
|