|
1341
|
5.3 |
MEDIUM
Network
|
oracle
|
jdk
graalvm
graalvm_for_jdk
jre
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-22013
|
2026-04-27 21:15 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1342
|
2.9 |
LOW
Local
|
oracle
|
graalvm
graalvm_for_jdk
jre
jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java S…
|
CWE-200
Information Exposure
|
CVE-2026-22007
|
2026-04-27 21:14 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1343
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorizati…
|
CWE-863
Incorrect Authorization
|
CVE-2026-30368
|
2026-04-27 20:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1344
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file …
|
CWE-200
CWE-538
Information Exposure
File and Directory Information Exposure
|
CVE-2026-7071
|
2026-04-27 10:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1345
|
9.3 |
CRITICAL
Network
|
-
|
-
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-42363
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1346
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
|
CWE-331
Insufficient Entropy
|
CVE-2026-41080
|
2026-04-27 07:17 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1347
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attac…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1348
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG permite a un usuario autenticado modificar o sobrescribir el archivo de configuración, resultando en denegación de servicio. Si la función de ejecución está específicamente habilitada con el ind…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1349
|
9.8 |
CRITICAL
Network
|
newforma
|
project_center
|
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AU…
|
CWE-306
CWE-502
Missing Authentication for Critical Function
Deserialization of Untrusted Data
|
CVE-2025-35051
|
2026-04-27 04:04 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1350
|
- |
|
-
|
-
|
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p…
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
