|
1931
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr…
|
CWE-862
Missing Authorization
|
CVE-2026-39602
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1932
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39500
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1933
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a throu…
|
CWE-89
SQL Injection
|
CVE-2026-39496
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1934
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39482
|
2026-04-14 05:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1935
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without…
|
CWE-78
OS Command
|
CVE-2026-35022
|
2026-04-14 05:16 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1936
|
7.8 |
HIGH
Local
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting ma…
|
CWE-78
OS Command
|
CVE-2026-35021
|
2026-04-14 05:16 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1937
|
8.4 |
HIGH
Local
|
-
|
-
|
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitr…
|
CWE-78
OS Command
|
CVE-2026-35020
|
2026-04-14 05:16 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1938
|
4.7 |
MEDIUM
Local
|
amd
|
athlon_x4_750_firmware
athlon_x4_760k_firmware
athlon_x4_830_firmware
athlon_x4_840_firmware
athlon_x4_860k_firmware
athlon_x4_870k_firmware
athlon_x4_880k_firmware
athlon_x4_835…
|
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target
from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
|
NVD-CWE-noinfo
|
CVE-2022-27672
|
2026-04-14 05:16 |
2023-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1939
|
3.1 |
LOW
Network
|
libssh
redhat
|
libssh
enterprise_linux
|
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-0968
|
2026-04-14 05:15 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1940
|
3.1 |
LOW
Network
|
libssh
redhat
|
libssh
enterprise_linux
|
Se encontró una falla en libssh en la que un servidor SFTP (Protocolo de Transferencia de Archivos SSH) malicioso puede explotar esto enviando un campo 'longname' malformado dentro de un mensaje 'SSH…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-0968
|
2026-04-14 05:15 |
2026-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
