|
121
|
8.4 |
HIGH
Local
|
-
|
-
|
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malici…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25299
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
6.2 |
MEDIUM
Local
|
-
|
-
|
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25305
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
6.2 |
MEDIUM
Local
|
-
|
-
|
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25306
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
7.2 |
HIGH
Network
|
-
|
-
|
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2018-25309
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and e…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2025-50328
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.
Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the c…
New
|
CWE-200
CWE-441
CWE-913
Information Exposure
Confused Deputy
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-7381
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
7.1 |
HIGH
Network
|
-
|
-
|
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-13030
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
- |
|
-
|
-
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja…
New
|
CWE-611
XXE
|
CVE-2024-39847
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary webs…
New
|
CWE-601
Open Redirect
|
CVE-2026-41226
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
7.1 |
HIGH
Local
|
-
|
-
|
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-22070
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
