|
1521
|
6.6 |
MEDIUM
Local
|
samsung
|
one
|
Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE.
Affected version is prior to commit 1.30.0.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40449
|
2026-04-28 03:21 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
9.8 |
CRITICAL
Network
|
rclone
|
rclone
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41176
|
2026-04-28 03:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
5.3 |
MEDIUM
Local
|
samsung
|
one
|
Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.
Affected version is prior to commit 1.30.0.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40448
|
2026-04-28 03:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
9.8 |
CRITICAL
Network
|
rclone
|
rclone
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinf…
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-41179
|
2026-04-28 03:18 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
- |
|
-
|
-
|
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3837
|
2026-04-28 03:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
4.9 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../…
|
CWE-22
Path Traversal
|
CVE-2026-4917
|
2026-04-28 03:13 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the int…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4918
|
2026-04-28 03:13 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4919
|
2026-04-28 03:11 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
5.3 |
MEDIUM
Network
|
oracle
|
goldengate
|
Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access v…
|
CWE-200
Information Exposure
|
CVE-2026-34273
|
2026-04-28 03:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_customer_screening
|
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0.…
|
CWE-285
Improper Authorization
|
CVE-2026-34320
|
2026-04-28 03:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
