|
951
|
7.8 |
HIGH
Local
|
hcltech
|
aion
|
HCL AION está afectado por una vulnerabilidad donde las operaciones de análisis de archivos no confiables no se ejecutan dentro de un entorno de sandbox debidamente aislado. Esto puede exponer la apl…
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-52643
|
2026-04-26 03:04 |
2026-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-52636
|
2026-04-26 03:04 |
2026-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
HCL AION se ve afectado por una vulnerabilidad relacionada con el manejo de los límites de tamaño de carga. Un control o validación inadecuados de los tamaños de carga puede permitir un consumo exces…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-52636
|
2026-04-26 03:04 |
2026-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
7.5 |
HIGH
Network
|
fedify
|
fedify\/fedify
fedify\/vocab-runtime
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote doc…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-34148
|
2026-04-26 03:03 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-21388
|
2026-04-26 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
3.7 |
LOW
Network
|
linuxfoundation
|
backstage\/backend_defaults
|
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-24048
|
2026-04-26 03:01 |
2026-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
3.7 |
LOW
Network
|
linuxfoundation
|
backstage\/backend_defaults
|
Backstage es un framework abierto para construir portales de desarrolladores, y @backstage/backend-defaults proporciona las implementaciones y configuración predeterminadas para una aplicación backen…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-24048
|
2026-04-26 03:01 |
2026-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
2.7 |
LOW
Network
|
linuxfoundation
|
backstage\/integration
|
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encod…
|
CWE-22
Path Traversal
|
CVE-2026-29185
|
2026-04-26 03:01 |
2026-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
2.7 |
LOW
Network
|
linuxfoundation
|
backstage\/integration
|
Backstage es un framework abierto para construir portales de desarrolladores. Antes de la versión 1.20.1, una vulnerabilidad en el análisis de URL de SCM utilizado por las integraciones de Backstage …
|
CWE-22
Path Traversal
|
CVE-2026-29185
|
2026-04-26 03:01 |
2026-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
6.5 |
MEDIUM
Network
|
linuxfoundation
|
backstage\/plugin-scaffolder-backend
|
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run throug…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-29184
|
2026-04-26 03:01 |
2026-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
