| 621 | 6.5 | MEDIUM, Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerabilit… (New) | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-40907 | 2026-04-24 04:12 | 2026-04-22 |
| 622 | 5.3 | MEDIUM, Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at the web root executes `git log -1` and returns the full output as JSON to any unauthenticated user… (New) | CWE-200 Information Exposure | CVE-2026-40908 | 2026-04-24 04:09 | 2026-04-22 |
| 623 | 6.5 | MEDIUM, Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path … (New) | CWE-22 Path Traversal | CVE-2026-40909 | 2026-04-24 03:55 | 2026-04-22 |
| 624 | 6.1 | MEDIUM, Network | oracle | identity_manager | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitabl… (New) | CWE-284 Improper Access Control, CWE-601 Open Redirect | CVE-2026-34283 | 2026-04-24 03:50 | 2026-04-22 |
| 625 | 6.1 | MEDIUM, Network | oracle | business_process_management_suite | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.… (New) | CWE-284 Improper Access Control, CWE-601 Open Redirect | CVE-2026-34284 | 2026-04-24 03:50 | 2026-04-22 |
| 626 | 8.7 | HIGH, Network | oracle | http_server | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability… (New) | CWE-284 Improper Access Control | CVE-2026-34291 | 2026-04-24 03:48 | 2026-04-22 |
| 627 | 7.2 | HIGH, Network | oracle | weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili… (New) | CWE-284 Improper Access Control | CVE-2026-34292 | 2026-04-24 03:47 | 2026-04-22 |
| 628 | 8.8 | HIGH, Network | nicolargo | glances | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation … (New) | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-35587 | 2026-04-24 03:42 | 2026-04-21 |
| 629 | 9.8 | CRITICAL, Network | reconurge | flowsint | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to ma… (New) | CWE-78 OS Command | CVE-2026-32311 | 2026-04-24 03:41 | 2026-04-21 |
| 630 | 8.4 | HIGH, Local | gitlawb | openclaude | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool… (New) | CWE-22 Path Traversal, CWE-284 Improper Access Control | CVE-2026-35570 | 2026-04-24 03:37 | 2026-04-21 |