|
2921
|
6.2 |
MEDIUM
Local
|
-
|
-
|
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25288
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2922
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25289
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2923
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the v…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25290
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2924
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25291
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2925
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Cam…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25297
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2926
|
- |
|
-
|
-
|
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python version…
|
CWE-22
Path Traversal
|
CVE-2026-41140
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2927
|
2.2 |
LOW
Network
|
-
|
-
|
@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transfo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41321
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2928
|
5.3 |
MEDIUM
Network
|
-
|
-
|
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 er…
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2026-41322
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2929
|
8.8 |
HIGH
Local
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/n…
|
CWE-78
CWE-79
OS Command
Cross-site Scripting
|
CVE-2026-41421
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2930
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundan…
|
CWE-22
Path Traversal
|
CVE-2026-41894
|
2026-04-28 03:53 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
