|
491
|
6.2 |
MEDIUM
Local
|
-
|
-
|
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25305
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
6.2 |
MEDIUM
Local
|
-
|
-
|
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25306
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
7.2 |
HIGH
Network
|
-
|
-
|
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2018-25309
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and e…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2025-50328
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.
Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the c…
New
|
CWE-200
CWE-441
CWE-913
Information Exposure
Confused Deputy
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-7381
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
7.1 |
HIGH
Network
|
-
|
-
|
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-13030
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
- |
|
-
|
-
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja…
New
|
CWE-611
XXE
|
CVE-2024-39847
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
7.1 |
HIGH
Local
|
-
|
-
|
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-22070
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
- |
|
-
|
-
|
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely
processes the parameter on the client side, allowing an attacker to execute arbitrary
JavaScript …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-1493
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.
The session id is generated from summing the character codepoints of the absolute pathname with the proce…
New
|
CWE-338
CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generation of Predictable Numbers or Identifiers
|
CVE-2026-5080
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
