|
4831
|
8.1 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end…
|
CWE-284
Improper Access Control
|
CVE-2026-40904
|
2026-05-2 00:31 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4832
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6539
|
2026-05-2 00:29 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4833
|
4.6 |
MEDIUM
Network
|
-
|
-
|
SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7429
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4834
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-7324
|
2026-05-2 00:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4835
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3340
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4836
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al…
|
CWE-89
SQL Injection
|
CVE-2026-3346
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4837
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d…
|
CWE-22
Path Traversal
|
CVE-2026-4502
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4838
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4503
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4839
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36180
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4840
|
6.2 |
MEDIUM
Local
|
-
|
-
|
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2025-36335
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
