|
651
|
9.8 |
CRITICAL
Network
|
rclone
|
rclone
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41176
|
2026-04-28 03:19 |
2026-04-23 |
|
652
|
5.3 |
MEDIUM
Local
|
samsung
|
one
|
Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.
Affected version is prior to commit 1.30.0.
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-40448
|
2026-04-28 03:18 |
2026-04-22 |
|
653
|
9.8 |
CRITICAL
Network
|
rclone
|
rclone
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinf…
Update
|
CWE-78 CWE-306
OS Command Missing Authentication for Critical Function
|
CVE-2026-41179
|
2026-04-28 03:18 |
2026-04-23 |
|
654
|
- |
|
-
|
-
|
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-3837
|
2026-04-28 03:16 |
2026-04-23 |
|
655
|
4.9 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../…
Update
|
CWE-22
Path Traversal
|
CVE-2026-4917
|
2026-04-28 03:13 |
2026-04-23 |
|
656
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the int…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4918
|
2026-04-28 03:13 |
2026-04-23 |
|
657
|
4.8 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4919
|
2026-04-28 03:11 |
2026-04-23 |
|
658
|
5.3 |
MEDIUM
Network
|
oracle
|
goldengate
|
Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access v…
Update
|
CWE-200
Information Exposure
|
CVE-2026-34273
|
2026-04-28 03:08 |
2026-04-22 |
|
659
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_customer_screening
|
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0.…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-34320
|
2026-04-28 03:08 |
2026-04-22 |
|
660
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_transaction_filtering
|
Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-35231
|
2026-04-28 03:07 |
2026-04-22 |