|
2901
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sy…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-40514
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
- |
|
-
|
-
|
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally defe…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-6357
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
7.5 |
HIGH
Network
|
-
|
-
|
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
|
CWE-22
Path Traversal
|
CVE-2026-30351
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
|
CWE-77
Command Injection
|
CVE-2026-30352
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
8.8 |
HIGH
Local
|
-
|
-
|
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploi…
|
CWE-269
Improper Privilege Management
|
CVE-2025-69689
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
6.2 |
MEDIUM
Local
|
-
|
-
|
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a …
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25264
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
6.2 |
MEDIUM
Local
|
-
|
-
|
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malic…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25273
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
6.2 |
MEDIUM
Local
|
-
|
-
|
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file conta…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2018-25274
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
5.5 |
MEDIUM
Local
|
-
|
-
|
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-by…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25276
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
6.2 |
MEDIUM
Local
|
-
|
-
|
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a paylo…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25277
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
