4.6

CVSS3.1

CVE-2026-33657 - EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrary HTML into system-generated email notifications by crafting…

📅 Published: April 13, 2026, 7:41 p.m. 🔄 Last Modified: April 13, 2026, 9:16 p.m.

5.3

CVSS4.0

CVE-2026-6215 - DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been mad…

📅 Published: April 13, 2026, 7:30 p.m. 🔄 Last Modified: April 13, 2026, 8:16 p.m.

4.3

CVSS3.1

CVE-2026-33534 - EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation (e.g., 01…

📅 Published: April 13, 2026, 7:20 p.m. 🔄 Last Modified: April 13, 2026, 8:16 p.m.

5.3

CVSS4.0

CVE-2026-6202 - code-projects Easy Blog Site post.php sql injection

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used …

📅 Published: April 13, 2026, 7:15 p.m. 🔄 Last Modified: April 13, 2026, 8:49 p.m.

5.3

CVSS4.0

CVE-2026-6201 - CodeAstro Online Job Portal Delete Job Posting job-delete.php access control

A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. T…

📅 Published: April 13, 2026, 7 p.m. 🔄 Last Modified: April 13, 2026, 8:16 p.m.

7.5

CVSS3.1

CVE-2026-32605 - Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators(). Proposa…

📅 Published: April 13, 2026, 6:54 p.m. 🔄 Last Modified: April 13, 2026, 8:16 p.m.

8.7

CVSS4.0

CVE-2026-6200 - Tenda F456 webtypelibrary formwebtypelibrary stack-based overflow

A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly…

📅 Published: April 13, 2026, 6:45 p.m. 🔄 Last Modified: April 14, 2026, 1:07 p.m.

8.7

CVSS4.0

CVE-2026-6199 - Tenda F456 qossetting fromqossetting stack-based overflow

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.

📅 Published: April 13, 2026, 6:30 p.m. 🔄 Last Modified: April 13, 2026, 7:16 p.m.

8.7

CVSS4.0

CVE-2026-6198 - Tenda F456 NatStaticSetting fromNatStaticSetting stack-based overflow

A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed…

📅 Published: April 13, 2026, 6:15 p.m. 🔄 Last Modified: April 13, 2026, 7:16 p.m.

9.3

CVSS4.0

CVE-2026-40044 - Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, whic…

📅 Published: April 13, 2026, 6:11 p.m. 🔄 Last Modified: April 13, 2026, 7:16 p.m.