|
1881
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33459
|
2026-04-14 03:21 |
2026-04-9 |
|
|
|
|
1882
|
5.5 |
MEDIUM
Local
|
dell
|
elastic_cloud_storage objectscale
|
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability.…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-28261
|
2026-04-14 03:20 |
2026-04-8 |
|
|
|
|
1883
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
|
CWE-20
Improper Input Validation
|
CVE-2026-5919
|
2026-04-14 03:19 |
2026-04-9 |
|
|
|
|
1884
|
4.3 |
MEDIUM
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-cont…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-22662
|
2026-04-14 03:18 |
2026-04-4 |
|
|
|
|
1885
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based …
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow
|
CVE-2026-6196
|
2026-04-14 03:16 |
2026-04-14 |
|
|
|
|
1886
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handle…
|
CWE-77 CWE-78
Command Injection; OS Command
|
CVE-2026-6195
|
2026-04-14 03:16 |
2026-04-14 |
|
|
|
|
1887
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. T…
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow
|
CVE-2026-6194
|
2026-04-14 03:16 |
2026-04-14 |
|
|
|
|
1888
|
4.3 |
MEDIUM
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. Prior to version 26.0, the `listFiles.json.php` endpoint accepts a `path` POST parameter and passes it directly to `glob()` without restricting the path …
|
CWE-22
Path Traversal
|
CVE-2026-33238
|
2026-04-14 03:16 |
2026-03-21 |
|
|
|
|
1889
|
4.3 |
MEDIUM
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. Prior to version 26.0, the 'listFiles.json.php' endpoint accepts a 'path' POST parameter and passes it directly to 'glob()' without restricting …
|
CWE-22
Path Traversal
|
CVE-2026-33238
|
2026-04-14 03:16 |
2026-03-21 |
|
|
|
|
1890
|
5.5 |
MEDIUM
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()` function in `plugin/Scheduler/Scheduler.php` calls `url_get_contents()` with an admin-configurable …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33237
|
2026-04-14 03:16 |
2026-03-21 |
|
|
|