Follow the latest news from the world of technology and developments in security.

CVE vulnerabilities, KEV tags, detail pages, and category-based listing.
Total records: 70,687
Page: 1 / 3535
Filter: None
High CVSS: 8.6 Published: 2026-04-24 13:16:21

CVE-2026-5367

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of…
Medium CVSS: 6.5 Published: 2026-04-24 13:16:21

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without…
Medium CVSS: 4.3 Published: 2026-04-24 13:16:21

CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and asset…
Medium CVSS: 4.3 Published: 2026-04-24 13:16:21

CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their reque…
Critical CVSS: 9.9 Published: 2026-04-24 13:16:03

CVE-2026-21515

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
High CVSS: 8.8 Published: 2026-04-24 12:17:07

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no p…
Low CVSS: 2.4 Published: 2026-04-24 12:17:07

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. An authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execut…
Unknown CVSS: - Published: 2026-04-24 12:17:06

CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versi…
Unknown CVSS: - Published: 2026-04-24 11:16:22

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious…
Unknown CVSS: - Published: 2026-04-24 11:16:22

CVE-2026-41043

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the conte…
Unknown CVSS: - Published: 2026-04-24 11:16:22

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connecto…
Unknown CVSS: - Published: 2026-04-24 11:16:21

CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler:  Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by crea…
High CVSS: 8.5 Published: 2026-04-24 09:16:04

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the norma…
High CVSS: 7.5 Published: 2026-04-24 09:16:03

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18)…
Medium CVSS: 6.4 Published: 2026-04-24 08:16:30

CVE-2026-4078

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including 1.8.2. This is due to insufficient inp…
Medium CVSS: 5.3 Published: 2026-04-24 08:16:30

CVE-2026-3569

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read() permission callback unconditionally returns tr…
Medium CVSS: 4.3 Published: 2026-04-24 08:16:30

CVE-2026-3565

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() function, where the check_ajax_referer() call is ex…
Medium CVSS: 4.3 Published: 2026-04-24 08:16:29

CVE-2025-11762

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it po…
Critical CVSS: 9.8 Published: 2026-04-24 07:16:09

CVE-2026-1952

Delta Electronics AS320T has a denial-of-service vulnerability via an undocumented subfunction.
Critical CVSS: 9.8 Published: 2026-04-24 07:16:09

CVE-2026-1951

Delta Electronics AS320T has a vulnerability in which the length of the buffer with the directory name is not checked.