|
4951
|
- |
|
-
|
-
|
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5362
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4952
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-28747
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4953
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.
Affected: Spring Boot 4.0.0–4.0.5 (fix …
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40971
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4954
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillm…
|
CWE-94
Code Injection
|
CVE-2026-7191
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4955
|
9.4 |
CRITICAL
Network
|
-
|
-
|
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3893
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4956
|
- |
|
-
|
-
|
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.
|
CWE-694
Use of Multiple Resources with Duplicate Identifier
|
CVE-2026-5794
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4957
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to
trigger improper handling of XML input, which may result in unintended
exposure of sensitive information. The flaw stems from in…
|
CWE-611
XXE
|
CVE-2026-6807
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4958
|
6.5 |
MEDIUM
Network
|
apache
|
storm
|
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm
Versions Affected: up to 2.8.7
Description: When TLS transport is enabled in Apache …
|
CWE-287
Improper Authentication
|
CVE-2026-41081
|
2026-04-29 04:46 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4959
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6785
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4960
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6786
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
