| 2141 | 6.6 | MEDIUM Local | - | - | Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application. | CWE-134 Use of Externally-Controlled Format String | CVE-2026-3008 | 2026-04-28 03:57 | 2026-04-27 |
| 2142 | 5.1 | MEDIUM Local | - | - | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | CWE-197 Numeric Truncation Error | CVE-2026-42371 | 2026-04-28 03:57 | 2026-04-27 |
| 2143 | - | | - | - | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information … | CWE-346 Origin Validation Error | CVE-2026-22077 | 2026-04-28 03:57 | 2026-04-27 |
| 2144 | - | | - | - | Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2025-15626 | 2026-04-28 03:57 | 2026-04-27 |
| 2145 | - | | - | - | Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in li… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-32688 | 2026-04-28 03:57 | 2026-04-27 |
| 2146 | - | | - | - | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1 | CWE-278 Insecure Preserved Inherited Permissions | CVE-2026-6265 | 2026-04-28 03:57 | 2026-04-27 |
| 2147 | - | | - | - | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | - | CVE-2026-30350 | 2026-04-28 03:57 | 2026-04-28 |
| 2148 | 5.9 | MEDIUM Network | - | - | SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sy… | CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CVE-2026-40514 | 2026-04-28 03:57 | 2026-04-28 |
| 2149 | - | | - | - | pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally defe… | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-6357 | 2026-04-28 03:57 | 2026-04-28 |
| 2150 | 7.5 | HIGH Network | - | - | A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files by sending a crafted URL path containing traversal sequences. | CWE-22 Path Traversal | CVE-2026-30351 | 2026-04-28 03:57 | 2026-04-28 |