|
1171
|
6.3 |
MEDIUM
Local
|
adobe
|
acrobat
acrobat_dc
acrobat_reader_dc
|
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-34626
|
2026-04-16 23:14 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
8.6 |
HIGH
Local
|
adobe
|
acrobat
acrobat_dc
acrobat_reader_dc
|
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-34622
|
2026-04-16 23:14 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
7.8 |
HIGH
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator…
|
CWE-648
Incorrect Use of Privileged APIs
|
CVE-2026-35625
|
2026-04-16 22:43 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2026-5968
|
2026-04-16 22:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4332
|
2026-04-16 22:00 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
2.7 |
LOW
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom r…
|
CWE-862
Missing Authorization
|
CVE-2026-4916
|
2026-04-16 21:59 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
7.5 |
HIGH
Network
|
-
|
-
|
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insu…
|
CWE-89
SQL Injection
|
CVE-2026-3489
|
2026-04-16 21:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3369
|
2026-04-16 21:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
3.1 |
LOW
Network
|
-
|
-
|
The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user…
|
CWE-862
Missing Authorization
|
CVE-2026-3155
|
2026-04-16 21:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCo…
|
CWE-862
Missing Authorization
|
CVE-2026-0718
|
2026-04-16 17:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
