| 1611 | 4.3 | MEDIUM Network | nodcms | nodcms | Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administ… | CWE-79 CWE-352 (Cross-site Scripting, Origin Validation Error) | CVE-2016-20054 | 2026-04-15 01:15 | 2026-04-5 |
| 1612 | 7.8 | HIGH Local | amazon | athena_odbc | OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted… | CWE-78 (OS Command) | CVE-2026-5485 | 2026-04-15 01:14 | 2026-04-4 |
| 1613 | 7.5 | HIGH Network | amazon | athena_odbc | Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that t… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2026-35562 | 2026-04-15 01:14 | 2026-04-4 |
| 1614 | 9.8 | CRITICAL Network | amazon | athena_odbc | Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authenticati… | CWE-862 (Missing Authorization) | CVE-2026-35561 | 2026-04-15 01:14 | 2026-04-4 |
| 1615 | 5.9 | MEDIUM Network | amazon | athena_odbc | Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication cre… | CWE-295 (Improper Certificate Validation) | CVE-2026-35560 | 2026-04-15 01:14 | 2026-04-4 |
| 1616 | 6.5 | MEDIUM Network | amazon | athena_odbc | Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by … | CWE-787 (Out-of-bounds Write) | CVE-2026-35559 | 2026-04-15 01:14 | 2026-04-4 |
| 1617 | 7.5 | HIGH Network | powerdns | dnsdist | An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In som… | CWE-787 (Out-of-bounds Write) | CVE-2026-27853 | 2026-04-15 01:12 | 2026-03-31 |
| 1618 | 7.5 | HIGH Network | powerdns | dnsdist | An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOpti… | CWE-416 (Use After Free) | CVE-2026-27854 | 2026-04-15 01:09 | 2026-03-31 |
| 1619 | 7.8 | HIGH Local | lfprojects | mlflow | A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without pr… | CWE-78 (OS Command) | CVE-2026-0596 | 2026-04-15 01:01 | 2026-04-1 |
| 1620 | 8.8 | HIGH Network | ajax30 | bravecms | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorControlle… | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2026-35164 | 2026-04-15 00:51 | 2026-04-7 |