|
641
|
8.0 |
HIGH
Network
|
-
|
-
|
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned…
|
CWE-863
Incorrect Authorization
|
CVE-2026-5712
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
642
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-59
Link Following
|
CVE-2026-27105
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
643
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attacker…
|
CWE-352
Origin Validation Error
|
CVE-2018-25298
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
644
|
8.4 |
HIGH
Local
|
-
|
-
|
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malici…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25299
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
645
|
6.2 |
MEDIUM
Local
|
-
|
-
|
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25305
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
646
|
6.2 |
MEDIUM
Local
|
-
|
-
|
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25306
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
647
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and e…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2025-50328
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
648
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.
Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the c…
|
CWE-200
CWE-441
CWE-913
Information Exposure
Confused Deputy
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-7381
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
649
|
7.1 |
HIGH
Network
|
-
|
-
|
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-13030
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
650
|
- |
|
-
|
-
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja…
|
CWE-611
XXE
|
CVE-2024-39847
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
