|
1361
|
4.3 |
MEDIUM
Network
|
ayacoo
|
redirect_tab
|
The extension fails to verify whether an authenticated user has permission to access redirects, resulting in the exposure of redirect records when editing a page.
|
CWE-200 CWE-862
Information Exposure Missing Authorization
|
CVE-2026-4202
|
2026-04-26 03:40 |
2026-03-17 |
|
|
|
|
1362
|
8.8 |
HIGH
Network
|
cps-it
|
mailqueue
|
The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active explo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-1323
|
2026-04-26 03:37 |
2026-03-17 |
|
|
|
|
1363
|
8.8 |
HIGH
Network
|
cps-it
|
mailqueue
|
The extension fails to properly define the allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-1323
|
2026-04-26 03:37 |
2026-03-17 |
|
|
|
|
1364
|
9.4 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered o…
|
CWE-200 CWE-215 CWE-522
Information Exposure Insertion of Sensitive Information Into Debugging Code Insufficiently Protected Credentials
|
CVE-2026-40173
|
2026-04-26 03:27 |
2026-04-16 |
|
|
|
|
1365
|
7.8 |
HIGH
Local
|
getcomposer
|
composer
|
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she…
|
CWE-20 CWE-78
Improper Input Validation OS Command
|
CVE-2026-40176
|
2026-04-26 03:24 |
2026-04-16 |
|
|
|
|
1366
|
6.1 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms sanitize-html
|
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasse…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40186
|
2026-04-26 03:15 |
2026-04-16 |
|
|
|
|
1367
|
8.8 |
HIGH
Network
|
getcomposer
|
composer
|
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source…
|
CWE-20 CWE-78
Improper Input Validation OS Command
|
CVE-2026-40261
|
2026-04-26 03:12 |
2026-04-16 |
|
|
|
|
1368
|
8.1 |
HIGH
Network
|
hashicorp
|
vault
|
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulne…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-3605
|
2026-04-26 03:08 |
2026-04-17 |
|
|
|
|
1369
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2025-52660
|
2026-04-26 03:05 |
2026-01-20 |
|
|
|
|
1370
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
HCL AION is affected by an unrestricted file upload vulnerability. This can allow malicious file uploads, which could result in unauthorized code execution or …
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2025-52660
|
2026-04-26 03:05 |
2026-01-20 |
|
|
|