|
5071
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the int…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4918
|
2026-04-28 03:13 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5072
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4919
|
2026-04-28 03:11 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5073
|
5.3 |
MEDIUM
Network
|
oracle
|
goldengate
|
Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access v…
|
CWE-200
Information Exposure
|
CVE-2026-34273
|
2026-04-28 03:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5074
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_customer_screening
|
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0.…
|
CWE-285
Improper Authorization
|
CVE-2026-34320
|
2026-04-28 03:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5075
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_transaction_filtering
|
Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8…
|
CWE-284
Improper Access Control
|
CVE-2026-35231
|
2026-04-28 03:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5076
|
5.4 |
MEDIUM
Network
|
linuxfoundation
|
tekton_pipelines
|
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restr…
|
CWE-22
Path Traversal
|
CVE-2026-40923
|
2026-04-28 03:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5077
|
6.5 |
MEDIUM
Network
|
linuxfoundation
|
tekton_pipelines
|
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40924
|
2026-04-28 03:06 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5078
|
7.5 |
HIGH
Network
|
lxml
|
lxml
|
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML in…
|
CWE-611
XXE
|
CVE-2026-41066
|
2026-04-28 02:59 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5079
|
7.7 |
HIGH
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user wit…
|
CWE-617
Reachable Assertion
|
CVE-2026-41485
|
2026-04-28 02:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5080
|
9.1 |
CRITICAL
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attache…
|
CWE-200
CWE-918
Information Exposure
Server-Side Request Forgery (SSRF)
|
CVE-2026-41323
|
2026-04-28 02:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
