|
4481
|
9.8 |
CRITICAL
Network
|
apache
|
pony_mail
|
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.
This issue affects all …
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-41873
|
2026-04-29 22:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4482
|
2.7 |
LOW
Network
|
github
|
enterprise_server
|
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3307
|
2026-04-29 21:47 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4483
|
8.8 |
HIGH
Network
|
github
|
enterprise_server
|
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party …
|
CWE-185
Incorrect Regular Expression
|
CVE-2026-4296
|
2026-04-29 21:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4484
|
7.2 |
HIGH
Network
|
github
|
enterprise_server
|
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands…
|
CWE-78
OS Command
|
CVE-2026-4821
|
2026-04-29 21:36 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4485
|
4.3 |
MEDIUM
Network
|
github
|
enterprise_server
|
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobil…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-5512
|
2026-04-29 21:35 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4486
|
9.6 |
CRITICAL
Network
|
github
|
enterprise_server
|
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5845
|
2026-04-29 21:30 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4487
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Regist…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42652
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4488
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from …
|
CWE-862
Missing Authorization
|
CVE-2026-42648
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4489
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n…
|
CWE-89
SQL Injection
|
CVE-2026-42646
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4490
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders al…
|
CWE-352
Origin Validation Error
|
CVE-2026-42645
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
