|
161
|
- |
|
-
|
-
|
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco…
New
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-42248
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2902
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22745
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4019
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vu…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-42518
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulat…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42517
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in th…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42516
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API re…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42515
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTP…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-42514
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vul…
New
|
-
|
CVE-2026-42513
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
