|
3301
|
7.5 |
HIGH
Network
|
monetr
|
monetr
|
monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe sig…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40481
|
2026-04-25 01:57 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3302
|
5.3 |
MEDIUM
Network
|
fastapiexpert
|
python-multipart
|
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or…
|
CWE-400
CWE-834
Uncontrolled Resource Consumption
Excessive Iteration
|
CVE-2026-40347
|
2026-04-25 01:51 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3303
|
8.8 |
HIGH
Network
|
nextcloud
windmill
|
flow
windmill
|
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the …
|
CWE-862
Missing Authorization
|
CVE-2026-22683
|
2026-04-25 01:49 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3304
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released unt…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33594
|
2026-04-25 01:48 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3305
|
8.8 |
HIGH
Local
|
nsa
|
emissary
|
Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /b…
|
CWE-78
CWE-116
OS Command
Improper Encoding or Escaping of Output
|
CVE-2026-35582
|
2026-04-25 01:48 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3306
|
8.3 |
HIGH
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST…
|
CWE-352
Origin Validation Error
|
CVE-2026-40925
|
2026-04-25 01:46 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3307
|
5.7 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_cs_student_records
|
Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerab…
|
CWE-284
Improper Access Control
|
CVE-2026-35241
|
2026-04-25 01:44 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3308
|
7.8 |
HIGH
Local
|
oracle
|
application_development_framework
|
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. E…
|
CWE-284
Improper Access Control
|
CVE-2026-35243
|
2026-04-25 01:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3309
|
9.1 |
CRITICAL
Network
|
oracle
|
enterprise_manager_base_platform
|
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily explo…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-34279
|
2026-04-25 01:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3310
|
6.0 |
MEDIUM
Local
|
oracle
|
graalvm
jdk
jre
|
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22003
|
2026-04-25 01:42 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
