|
3061
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41170
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3062
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protectio…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41171
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3063
|
- |
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41172
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3064
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). Th…
|
CWE-73
CWE-918
External Control of File Name or Path
Server-Side Request Forgery (SSRF)
|
CVE-2026-41177
|
2026-04-24 23:45 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3065
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function
|
CWE-94
Code Injection
|
CVE-2026-39087
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3066
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A critical XSS vulnerability affected hackage-server and
hackage.haskell.org. HTML and JavaScript files provided in source
packages or via the documentation upload facility were served
as-is on the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-40470
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3067
|
9.6 |
CRITICAL
Network
|
-
|
-
|
hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to uplo…
|
CWE-352
Origin Validation Error
|
CVE-2026-40471
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3068
|
9.9 |
CRITICAL
Network
|
-
|
-
|
In hackage-server, user-controlled metadata from .cabal files are rendered into HTML
href attributes without proper sanitization, enabling stored
Cross-Site Scripting (XSS) attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2026-40472
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3069
|
- |
|
-
|
-
|
TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in de…
|
CWE-1394
Use of Default Cryptographic Key
|
CVE-2026-5039
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3070
|
8.0 |
HIGH
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could incl…
|
CWE-87
Improper Neutralization of Alternate XSS Syntax
|
CVE-2026-40321
|
2026-04-24 23:41 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
