|
361
|
8.1 |
HIGH
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()`…
New
|
CWE-22
Path Traversal
|
CVE-2026-41058
|
2026-04-25 00:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362
|
7.1 |
HIGH
Network
|
wwbn
|
avideo
|
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` …
New
|
CWE-346
Origin Validation Error
|
CVE-2026-41057
|
2026-04-25 00:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363
|
7.8 |
HIGH
Local
|
-
|
-
|
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with …
New
|
CWE-78
OS Command
|
CVE-2026-40517
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364
|
8.1 |
HIGH
Network
|
-
|
-
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in Gra…
New
|
CWE-470
Unsafe Reflection
|
CVE-2026-41175
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
365
|
- |
|
-
|
-
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41312
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366
|
- |
|
-
|
-
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a…
New
|
CWE-834
Excessive Iteration
|
CVE-2026-41313
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
367
|
- |
|
-
|
-
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41314
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
368
|
5.5 |
MEDIUM
Network
|
-
|
-
|
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could uploa…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-36074
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
369
|
2.7 |
LOW
Network
|
-
|
-
|
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-1272
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
370
|
4.9 |
MEDIUM
Network
|
-
|
-
|
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
New
|
CWE-840
Business Logic Errors
|
CVE-2026-1274
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
