|
1511
|
10.0 |
CRITICAL
Network
|
praison
|
praisonaiagents
|
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-34938
|
2026-04-15 03:07 |
2026-04-4 |
|
|
|
|
1512
|
6.5 |
MEDIUM
Network
|
rti
|
connext_professional
|
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6…
|
CWE-126 CWE-125
Buffer Over-read Out-of-bounds Read
|
CVE-2026-2394
|
2026-04-15 03:00 |
2026-04-1 |
|
|
|
|
1513
|
6.5 |
MEDIUM
Network
|
rti
|
connext_professional
|
Buffer over-read vulnerability in RTI Connext Professional (Core Libraries) allows buffer over-reads. This issue affects Connext Professional: from 7.4.0 before 7.7.…
|
CWE-126 CWE-125
Buffer Over-read Out-of-bounds Read
|
CVE-2026-2394
|
2026-04-15 03:00 |
2026-04-1 |
|
|
|
|
1514
|
5.4 |
MEDIUM
Network
|
jexactyl
|
jexactyl
|
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side obje…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33061
|
2026-04-15 02:56 |
2026-03-20 |
|
|
|
|
1515
|
5.4 |
MEDIUM
Network
|
jexactyl
|
jexactyl
|
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33061
|
2026-04-15 02:56 |
2026-03-20 |
|
|
|
|
1516
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor pdf_reader
|
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricte…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-3775
|
2026-04-15 02:56 |
2026-04-1 |
|
|
|
|
1517
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor pdf_reader
|
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by users with low p…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-3775
|
2026-04-15 02:56 |
2026-04-1 |
|
|
|
|
1518
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code cont…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3776
|
2026-04-15 02:55 |
2026-04-1 |
|
|
|
|
1519
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not validate the presence of the required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation that is missing …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3776
|
2026-04-15 02:55 |
2026-04-1 |
|
|
|
|
1520
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor pdf_reader
|
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom propert…
|
CWE-416
Use After Free
|
CVE-2026-3777
|
2026-04-15 02:54 |
2026-04-1 |
|
|
|