|
3051
|
- |
|
-
|
-
|
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This re…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6376
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3052
|
9.8 |
CRITICAL
Network
|
-
|
-
|
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26210
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3053
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execut…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-41274
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3054
|
5.3 |
MEDIUM
Network
|
-
|
-
|
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash a…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-32952
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3055
|
8.2 |
HIGH
Network
|
-
|
-
|
Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted i…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41309
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3056
|
8.1 |
HIGH
Network
|
-
|
-
|
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-41316
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3057
|
- |
|
-
|
-
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like expl…
|
CWE-352
Origin Validation Error
|
CVE-2026-41317
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3058
|
- |
|
-
|
-
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41430
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3059
|
7.6 |
HIGH
Network
|
wger
|
wger
|
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead…
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-40474
|
2026-04-24 23:46 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3060
|
5.4 |
MEDIUM
Network
|
wger
|
wger
|
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled lic…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40353
|
2026-04-24 23:46 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
