|
5221
|
7.5 |
HIGH
Network
|
lxml
|
lxml
|
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML in…
|
CWE-611
XXE
|
CVE-2026-41066
|
2026-04-28 02:59 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5222
|
7.7 |
HIGH
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user wit…
|
CWE-617
Reachable Assertion
|
CVE-2026-41485
|
2026-04-28 02:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5223
|
9.1 |
CRITICAL
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attache…
|
CWE-200
CWE-918
Information Exposure
Server-Side Request Forgery (SSRF)
|
CVE-2026-41323
|
2026-04-28 02:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5224
|
7.5 |
HIGH
Network
|
patrickjuchli
|
basic-ftp
|
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A mal…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41324
|
2026-04-28 02:48 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5225
|
7.7 |
HIGH
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41068
|
2026-04-28 02:48 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5226
|
6.1 |
MEDIUM
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot…
|
CWE-193
Off-by-one Error
|
CVE-2026-40254
|
2026-04-28 02:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5227
|
5.5 |
MEDIUM
Local
|
angryip
|
angry_ip_scanner
|
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25262
|
2026-04-28 02:30 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5228
|
7.8 |
HIGH
Local
|
lizardsystems
|
lanspy
|
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attac…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25265
|
2026-04-28 02:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5229
|
5.5 |
MEDIUM
Local
|
angryip
|
angry_ip_scanner
|
Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25266
|
2026-04-28 02:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5230
|
7.8 |
HIGH
Local
|
lizardsystems
|
lanspy
|
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payloa…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25268
|
2026-04-28 02:25 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
