|
1911
|
7.8 |
HIGH
Local
|
khyrenz
|
parseusbs
|
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary…
|
CWE-78
OS Command
|
CVE-2026-40030
|
2026-04-14 05:27 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1912
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attack…
|
CWE-601
Open Redirect
|
CVE-2026-40037
|
2026-04-14 05:27 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1913
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35619
|
2026-04-14 05:27 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1914
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change own…
|
CWE-862
Missing Authorization
|
CVE-2026-35620
|
2026-04-14 05:27 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1915
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulatio…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6215
|
2026-04-14 05:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1916
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6202
|
2026-04-14 05:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1917
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manip…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-6201
|
2026-04-14 05:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1918
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.Thi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39703
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1919
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39695
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1920
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39693
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
