|
5241
|
8.8 |
HIGH
Network
|
pyload
|
pyload
|
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41133
|
2026-04-28 04:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5242
|
8.2 |
HIGH
Network
|
minio
|
minio
|
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-40344
|
2026-04-28 04:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5243
|
8.2 |
HIGH
Network
|
minio
|
minio
|
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNS…
|
CWE-287
Improper Authentication
|
CVE-2026-41145
|
2026-04-28 04:27 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5244
|
8.1 |
HIGH
Network
|
statamic
|
statamic
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in Gra…
|
CWE-470
Unsafe Reflection
|
CVE-2026-41175
|
2026-04-28 04:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5245
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.
Affected: Spring Boot 4.0.0–4…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40970
|
2026-04-28 04:26 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5246
|
- |
|
-
|
-
|
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation b…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4313
|
2026-04-28 04:23 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5247
|
7.5 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, it is not escaped a seco…
|
CWE-91
Blind XPath Injection
|
CVE-2026-32870
|
2026-04-28 04:21 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5248
|
8.1 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-34587
|
2026-04-28 04:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5249
|
6.5 |
MEDIUM
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined …
|
CWE-863
Incorrect Authorization
|
CVE-2026-40099
|
2026-04-28 04:12 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5250
|
8.8 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined …
|
CWE-863
Incorrect Authorization
|
CVE-2026-41325
|
2026-04-28 04:07 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
