|
901
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file …
New
|
CWE-200
CWE-538
Information Exposure
File and Directory Information Exposure
|
CVE-2026-7071
|
2026-04-27 10:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7070
|
2026-04-27 10:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argum…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7069
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7068
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argumen…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7067
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulati…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7066
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the comp…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7065
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
9.3 |
CRITICAL
Network
|
-
|
-
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
New
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-42363
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-41080
|
2026-04-27 07:17 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attac…
New
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
