|
2121
|
7.4 |
HIGH
Network
|
-
|
-
|
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authent…
|
CWE-287
Improper Authentication
|
CVE-2026-34727
|
2026-04-14 01:16 |
2026-04-11 |
|
|
|
|
2122
|
7.1 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teach…
|
CWE-476 CWE-639
NULL Pointer Dereference Authorization Bypass Through User-Controlled Key
|
CVE-2026-32894
|
2026-04-14 01:16 |
2026-04-11 |
|
|
|
|
2123
|
8.3 |
HIGH
Network
|
-
|
-
|
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is conca…
|
CWE-22 CWE-73
Path Traversal External Control of File Name or Path
|
CVE-2026-31939
|
2026-04-14 01:16 |
2026-04-11 |
|
|
|
|
2124
|
6.1 |
MEDIUM
Network
|
apache
|
skywalking
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.
This issue affects Apache SkyWalking: <= 10.2.0.
Users are recommended to upgrade t…
|
CWE-80
Basic XSS
|
CVE-2025-54057
|
2026-04-14 01:16 |
2025-11-27 |
|
|
|
|
2125
|
9.8 |
CRITICAL
Network
|
samsung
|
exynos_990_firmware exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_1280_firmware exynos_1330_firmware exynos_1380_firmware exynos_1480_firmware exynos_158…
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 512…
|
CWE-787
Out-of-bounds Write
|
CVE-2025-62818
|
2026-04-14 00:31 |
2026-04-8 |
|
|
|
|
2126
|
3.8 |
LOW
Network
|
sonicwall
|
email_security
|
A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could expl…
|
CWE-20 NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-3470
|
2026-04-14 00:26 |
2026-04-1 |
|
|
|
|
2127
|
6.5 |
MEDIUM
Network
|
microsoft
|
xml_notepad
|
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by defa…
|
CWE-611
XXE
|
CVE-2026-34401
|
2026-04-14 00:19 |
2026-04-1 |
|
|
|
|
2128
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation o…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-6183
|
2026-04-14 00:17 |
2026-04-14 |
|
|
|
|
2129
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-6182
|
2026-04-14 00:17 |
2026-04-14 |
|
|
|
|
2130
|
8.1 |
HIGH
Network
|
mozilla
|
firefox thunderbird
|
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5735
|
2026-04-14 00:17 |
2026-04-7 |
|
|
|