|
631
|
- |
|
-
|
-
|
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat…
|
CWE-22
CWE-494
Path Traversal
Download of Code Without Integrity Check
|
CVE-2026-42249
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-25852
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
7.8 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41220
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
7.8 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) …
|
CWE-123
Write-what-where Condition
|
CVE-2026-41952
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
8.4 |
HIGH
Local
|
-
|
-
|
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, get…
|
CWE-416
CWE-825
Use After Free
Expired Pointer Dereference
|
CVE-2026-7111
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2025-56534
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2025-56535
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2025-56536
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual…
|
CWE-79
Cross-site Scripting
|
CVE-2025-56537
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
|
CWE-20
CWE-269
Improper Input Validation
Improper Privilege Management
|
CVE-2026-30769
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
