| 1661 | 7.8 | HIGH / Local | openclaw | openclaw | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git… | CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data | CVE-2026-35641 | 2026-04-15 00:16 | 2026-04-11 |
| 1662 | 5.4 | MEDIUM / Network | - | - | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip i… | CWE-770: Allocation of Resources Without Limits or Throttling | CVE-2026-35602 | 2026-04-15 00:16 | 2026-04-11 |
| 1663 | 4.3 | MEDIUM / Network | - | - | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the a… | CWE-862: Missing Authorization | CVE-2026-35598 | 2026-04-15 00:16 | 2026-04-11 |
| 1664 | 6.5 | MEDIUM / Network | - | - | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization obj… | CWE-613: Insufficient Session Expiration | CVE-2026-35594 | 2026-04-15 00:16 | 2026-04-11 |
| 1665 | 9.8 | CRITICAL / Network | - | - | PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php. | CWE-89: SQL Injection | CVE-2026-29861 | 2026-04-15 00:16 | 2026-04-11 |
| 1666 | 7.5 | HIGH / Network | - | - | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With t… | CWE-284: Improper Access Control | CVE-2026-23782 | 2026-04-15 00:16 | 2026-04-11 |
| 1667 | 9.8 | CRITICAL / Network | - | - | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credenti… | CWE-798: Use of Hard-coded Credentials | CVE-2026-23781 | 2026-04-15 00:16 | 2026-04-11 |
| 1668 | 8.8 | HIGH / Network | - | - | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to … | CWE-89: SQL Injection | CVE-2026-23780 | 2026-04-15 00:16 | 2026-04-11 |
| 1669 | 7.3 | HIGH / Local | ludashi | ludashi_driver | A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a no… | CWE-269: Improper Privilege Management; CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2025-67246 | 2026-04-15 00:16 | 2026-01-16 |
| 1670 | 7.3 | HIGH / Local | ludashi | ludashi_driver | A local information disclosure vulnerability exists in the Ludashi driver prior to version 5.1025 due to a lack of access control in the IOCTL handler. This driver e… | CWE-269: Improper Privilege Management; CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2025-67246 | 2026-04-15 00:16 | 2026-01-16 |