|
351
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-con…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-35512
|
2026-04-18 06:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
- |
|
-
|
-
|
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentia…
New
|
CWE-284
Improper Access Control
|
CVE-2026-35402
|
2026-04-18 06:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33689
|
2026-04-18 06:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
6.3 |
MEDIUM
Network
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrd…
New
|
CWE-78
OS Command
|
CVE-2026-33145
|
2026-04-18 06:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
- |
|
-
|
-
|
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates …
New
|
CWE-78
OS Command
|
CVE-2026-23500
|
2026-04-18 06:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
7.5 |
HIGH
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40461
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Anviz CrossChex Standard
lacks source verification in the client/server channel, enabling TCP
packet injection by an attacker on the same network to alter or disrupt
application traffic.
New
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-40434
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a files…
New
|
CWE-22
CWE-73
CWE-94
CWE-427
Path Traversal
External Control of File Name or Path
Code Injection
Uncontrolled Search Path Element
|
CVE-2026-40342
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
6.8 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40283
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
8.8 |
HIGH
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The
device unpacks and executes a script resulting in unauthenticated remote
code execution.
New
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-40066
|
2026-04-18 05:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
