| 1861 | 8.2 | HIGH | Network | payloadcms | payload | Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL … | CWE-89 SQL Injection | CVE-2026-34747 | 2026-04-14 03:53 | 2026-04-2 |
| 1862 | 7.7 | HIGH | Network | payloadcms | payload | Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Au… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-34746 | 2026-04-14 03:52 | 2026-04-2 |
| 1863 | 9.8 | CRITICAL | Network | hackerbay | oneuptime | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId … | CWE-306 Missing Authentication for Critical Function | CVE-2026-35053 | 2026-04-14 03:46 | 2026-04-3 |
| 1864 | 8.6 | HIGH | Network | praison | praisonaiagents | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing … | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-34954 | 2026-04-14 03:46 | 2026-04-4 |
| 1865 | 8.1 | HIGH | Network | hackerbay | oneuptime | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verific… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-34840 | 2026-04-14 03:46 | 2026-04-3 |
| 1866 | 8.1 | HIGH | Network | hackerbay | oneuptime | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoi… | CWE-862 Missing Authorization | CVE-2026-34759 | 2026-04-14 03:45 | 2026-04-3 |
| 1867 | 8.8 | HIGH | Network | sillytavern | sillytavern | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version… | CWE-22 Path Traversal | CVE-2026-34524 | 2026-04-14 03:43 | 2026-04-3 |
| 1868 | 5.0 | MEDIUM | Network | sillytavern | sillytavern | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-34526 | 2026-04-14 03:39 | 2026-04-3 |
| 1869 | 6.5 | MEDIUM | Network | python-poetry | poetry | Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary … | CWE-22 Path Traversal | CVE-2026-34591 | 2026-04-14 03:38 | 2026-04-3 |
| 1870 | 6.8 | MEDIUM | Physical | samsung | android | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2026-21007 | 2026-04-14 03:38 | 2026-04-13 |