|
3911
|
- |
|
-
|
-
|
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python version…
|
CWE-22
Path Traversal
|
CVE-2026-41140
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3912
|
2.2 |
LOW
Network
|
-
|
-
|
@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transfo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41321
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3913
|
5.3 |
MEDIUM
Network
|
-
|
-
|
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 er…
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2026-41322
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3914
|
8.8 |
HIGH
Local
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/n…
|
CWE-78
CWE-79
OS Command
Cross-site Scripting
|
CVE-2026-41421
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3915
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundan…
|
CWE-22
Path Traversal
|
CVE-2026-41894
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3916
|
8.4 |
HIGH
Local
|
-
|
-
|
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attacker…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25263
|
2026-04-28 03:53 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3917
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25275
|
2026-04-28 03:53 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3918
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a ma…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25292
|
2026-04-28 03:53 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3919
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional …
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25293
|
2026-04-28 03:53 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3920
|
7.5 |
HIGH
Network
|
-
|
-
|
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25294
|
2026-04-28 03:53 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
