|
181
|
- |
|
-
|
-
|
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.
New
|
-
|
CVE-2025-54505
|
2026-04-29 13:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6744
|
2026-04-29 10:00 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripti…
Update
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6745
|
2026-04-29 10:00 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component E…
Update
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-6799
|
2026-04-29 10:00 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host …
Update
|
CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-6874
|
2026-04-29 10:00 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate…
Update
|
CWE-264
CWE-265
Permissions, Privileges, and Access Controls
Privilege Issues
|
CVE-2026-6878
|
2026-04-29 10:00 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) t…
Update
|
CWE-94
Code Injection
|
CVE-2026-6951
|
2026-04-29 10:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorizati…
Update
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-6977
|
2026-04-29 10:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sq…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6978
|
2026-04-29 10:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes serve…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6979
|
2026-04-29 10:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
