|
1741
|
9.9 |
CRITICAL
Network
|
microsoft
|
azure_iot_central
|
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
|
CWE-200
Information Exposure
|
CVE-2026-21515
|
2026-04-28 04:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1742
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting…
|
CWE-284
Improper Access Control
|
CVE-2026-40888
|
2026-04-28 04:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1743
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Ver…
|
CWE-284
Improper Access Control
|
CVE-2026-40889
|
2026-04-28 04:39 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1744
|
6.5 |
MEDIUM
Network
|
frappe
|
frappe_hr
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, al…
|
CWE-89
SQL Injection
|
CVE-2026-41320
|
2026-04-28 04:38 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1745
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41312
|
2026-04-28 04:31 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1746
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a…
|
CWE-834
Excessive Iteration
|
CVE-2026-41313
|
2026-04-28 04:30 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1747
|
6.5 |
MEDIUM
Network
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41314
|
2026-04-28 04:29 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1748
|
9.1 |
CRITICAL
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabl…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-40575
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1749
|
8.2 |
HIGH
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-41059
|
2026-04-28 04:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1750
|
8.8 |
HIGH
Network
|
pyload
|
pyload
|
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize reques…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41133
|
2026-04-28 04:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
