|
1391
|
8.2 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28224
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cs…
|
CWE-120
CWE-502
Classic Buffer Overflow
Deserialization of Untrusted Data
|
CVE-2026-33337
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
- |
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classi…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-32105
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
8.8 |
HIGH
Local
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management c…
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2026-32107
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the mo…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32623
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrd…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32624
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
- |
|
-
|
-
|
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before valida…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33516
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding…
|
CWE-228
Improper Handling of Syntactically Invalid Structure
|
CVE-2026-34232
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a…
|
CWE-369
Divide By Zero
|
CVE-2026-35215
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
6.8 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-40283
|
2026-04-21 04:03 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
