|
921
|
6.1 |
MEDIUM
Network
|
-
|
-
|
ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2018-25269
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can c…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-25270
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attacke…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25271
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to …
New
|
CWE-326
Inadequate Encryption Strength
|
CVE-2018-25272
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
6.5 |
MEDIUM
Network
|
-
|
-
|
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/…
New
|
CWE-22
Path Traversal
|
CVE-2026-32885
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
7.3 |
HIGH
Local
|
-
|
-
|
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not …
New
|
CWE-22
Path Traversal
|
CVE-2026-35338
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
5.5 |
MEDIUM
Local
|
-
|
-
|
The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure o…
New
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-35339
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the l…
New
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-35340
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
3.3 |
LOW
Local
|
-
|
-
|
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa…
New
|
CWE-377
Insecure Temporary File
|
CVE-2026-35342
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
3.3 |
LOW
Local
|
-
|
-
|
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl…
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-35343
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
