| 931 | 4.8 | MEDIUM Network | ibm | guardium_key_lifecycle_manager | IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | CWE-269 NVD-CWE-noinfo Improper Privilege Management | CVE-2026-1726 | 2026-04-28 03:21 | 2026-04-23 |
| 932 | 6.6 | MEDIUM Local | samsung | one | Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit … | CWE-190 Integer Overflow or Wraparound | CVE-2026-40450 | 2026-04-28 03:21 | 2026-04-22 |
| 933 | 6.6 | MEDIUM Local | samsung | one | Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | CWE-190 Integer Overflow or Wraparound | CVE-2026-40449 | 2026-04-28 03:21 | 2026-04-22 |
| 934 | 9.8 | CRITICAL Network | rclone | rclone | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate … | CWE-306 Missing Authentication for Critical Function | CVE-2026-41176 | 2026-04-28 03:19 | 2026-04-23 |
| 935 | 5.3 | MEDIUM Local | samsung | one | Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | CWE-190 Integer Overflow or Wraparound | CVE-2026-40448 | 2026-04-28 03:18 | 2026-04-22 |
| 936 | 9.8 | CRITICAL Network | rclone | rclone | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinf… | CWE-78 CWE-306 OS Command Missing Authentication for Critical Function | CVE-2026-41179 | 2026-04-28 03:18 | 2026-04-23 |
| 937 | - | | - | - | An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter i… | CWE-79 Cross-site Scripting | CVE-2026-3837 | 2026-04-28 03:16 | 2026-04-23 |
| 938 | 4.9 | MEDIUM Network | ibm | guardium_data_protection | IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../… | CWE-22 Path Traversal | CVE-2026-4917 | 2026-04-28 03:13 | 2026-04-23 |
| 939 | 4.8 | MEDIUM Network | ibm | guardium_data_protection | IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the int… | CWE-79 Cross-site Scripting | CVE-2026-4918 | 2026-04-28 03:13 | 2026-04-23 |
| 940 | 4.8 | MEDIUM Network | ibm | guardium_data_protection | IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | CWE-79 Cross-site Scripting | CVE-2026-4919 | 2026-04-28 03:11 | 2026-04-23 |