|
4971
|
8.1 |
HIGH
Network
|
statamic
|
statamic
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in Gra…
|
CWE-470
Unsafe Reflection
|
CVE-2026-41175
|
2026-04-28 04:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4972
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.
Affected: Spring Boot 4.0.0–4…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40970
|
2026-04-28 04:26 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4973
|
- |
|
-
|
-
|
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation b…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4313
|
2026-04-28 04:23 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4974
|
7.5 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, it is not escaped a seco…
|
CWE-91
Blind XPath Injection
|
CVE-2026-32870
|
2026-04-28 04:21 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4975
|
8.1 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-34587
|
2026-04-28 04:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4976
|
6.5 |
MEDIUM
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined …
|
CWE-863
Incorrect Authorization
|
CVE-2026-40099
|
2026-04-28 04:12 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4977
|
8.8 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined …
|
CWE-863
Incorrect Authorization
|
CVE-2026-41325
|
2026-04-28 04:07 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4978
|
7.4 |
HIGH
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnP…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42033
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4979
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https tra…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42034
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4980
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42036
|
2026-04-28 03:57 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
