|
751
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a…
Update
|
CWE-834
Excessive Iteration
|
CVE-2026-41313
|
2026-04-28 04:30 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41314
|
2026-04-28 04:29 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
9.1 |
CRITICAL
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabl…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-40575
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
8.2 |
HIGH
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when …
Update
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-41059
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
8.8 |
HIGH
Network
|
pyload
|
pyload
|
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques…
Update
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41133
|
2026-04-28 04:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
8.2 |
HIGH
Network
|
minio
|
minio
|
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-…
Update
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-40344
|
2026-04-28 04:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
8.2 |
HIGH
Network
|
minio
|
minio
|
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNS…
Update
|
CWE-287
Improper Authentication
|
CVE-2026-41145
|
2026-04-28 04:27 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
8.1 |
HIGH
Network
|
statamic
|
statamic
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in Gra…
Update
|
CWE-470
Unsafe Reflection
|
CVE-2026-41175
|
2026-04-28 04:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.
Affected: Spring Boot 4.0.0–4…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40970
|
2026-04-28 04:26 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
- |
|
-
|
-
|
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation b…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4313
|
2026-04-28 04:23 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
