|
1181
|
9.4 |
CRITICAL
Network
|
dgraph
|
dgraph
|
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered o…
|
CWE-200
CWE-215
CWE-522
Information Exposure
Insertion of Sensitive Information Into Debugging Code
Insufficiently Protected Credentials
|
CVE-2026-40173
|
2026-04-26 03:27 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
7.8 |
HIGH
Local
|
getcomposer
|
composer
|
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she…
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-40176
|
2026-04-26 03:24 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
6.1 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
sanitize-html
|
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasse…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40186
|
2026-04-26 03:15 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
8.8 |
HIGH
Network
|
getcomposer
|
composer
|
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source…
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-40261
|
2026-04-26 03:12 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
8.1 |
HIGH
Network
|
hashicorp
|
vault
|
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulne…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-3605
|
2026-04-26 03:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2025-52660
|
2026-04-26 03:05 |
2026-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
HCL AION está afectado por una vulnerabilidad de carga de archivos sin restricciones. Esto puede permitir cargas de archivos maliciosos, lo que podría resultar en ejecución de código no autorizada o …
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2025-52660
|
2026-04-26 03:05 |
2026-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
5.3 |
MEDIUM
Network
|
hcltech
|
aion
|
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibili…
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-55249
|
2026-04-26 03:05 |
2026-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
5.3 |
MEDIUM
Network
|
hcltech
|
aion
|
HCL AION está afectado por una vulnerabilidad de encabezados de respuesta de seguridad faltantes. La ausencia de encabezados de seguridad estándar puede debilitar la postura de seguridad general de l…
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-55249
|
2026-04-26 03:05 |
2026-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-55251
|
2026-04-26 03:05 |
2026-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
