| 361 | 8.1 | HIGH / Local | - | - | Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re… | Update | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2026-40960 | 2026-04-18 00:38 | 2026-04-16 |
| 362 | 9.8 | CRITICAL / Network | - | - | Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li… | Update | CWE-122 Heap-based Buffer Overflow | CVE-2026-40504 | 2026-04-18 00:38 | 2026-04-16 |
| 363 | 4.9 | MEDIUM / Local | - | - | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | Update | CWE-190 Integer Overflow or Wraparound | CVE-2026-40962 | 2026-04-18 00:38 | 2026-04-16 |
| 364 | 7.4 | HIGH / Local | - | - | radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release… | Update | CWE-78 OS Command | CVE-2026-41015 | 2026-04-18 00:38 | 2026-04-16 |
| 365 | 8.8 | HIGH / Local | - | - | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin… | Update | CWE-306 Missing Authentication for Critical Function | CVE-2026-6348 | 2026-04-18 00:38 | 2026-04-16 |
| 366 | - | | - | - | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. | Update | CWE-78 OS Command | CVE-2026-6349 | 2026-04-18 00:38 | 2026-04-16 |
| 367 | 9.8 | CRITICAL / Network | - | - | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | Update | CWE-121 Stack-based Buffer Overflow | CVE-2026-6350 | 2026-04-18 00:38 | 2026-04-16 |
| 368 | 7.5 | HIGH / Network | - | - | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. | Update | CWE-93 CRLF Injection | CVE-2026-6351 | 2026-04-18 00:38 | 2026-04-16 |
| 369 | 8.8 | HIGH / Network | - | - | In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, i… | Update | CWE-1242 Inclusion of Undocumented Features or Chicken Bits | CVE-2023-3634 | 2026-04-18 00:38 | 2026-04-16 |
| 370 | 4.3 | MEDIUM / Network | - | - | In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint. | Update | CWE-203 Information Exposure Through Discrepancy | CVE-2023-5872 | 2026-04-18 00:38 | 2026-04-16 |