|
1101
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2025-69428
|
2026-04-29 01:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1102
|
7.5 |
HIGH
Network
|
-
|
-
|
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthen…
|
CWE-377
CWE-532
Insecure Temporary File
Inclusion of Sensitive Information in Log Files
|
CVE-2025-67223
|
2026-04-29 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1103
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Cl…
|
-
|
CVE-2025-60887
|
2026-04-29 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1104
|
8.1 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
Syzbot reported a KASAN stack-out-of-bounds read in l2cap_…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31513
|
2026-04-29 01:15 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1105
|
7.5 |
HIGH
Network
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function e…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33662
|
2026-04-29 00:48 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1106
|
8.8 |
HIGH
Network
|
deskflow
|
deskflow
|
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds re…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-41476
|
2026-04-29 00:47 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1107
|
7.8 |
HIGH
Local
|
deskflow
|
deskflow
|
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes pr…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-41477
|
2026-04-29 00:46 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1108
|
6.1 |
MEDIUM
Network
|
cyberpanel
|
cyberpanel
|
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows una…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41472
|
2026-04-29 00:45 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1109
|
9.1 |
CRITICAL
Network
|
cyberpanel
|
cyberpanel
|
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the da…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41473
|
2026-04-29 00:44 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1110
|
6.5 |
MEDIUM
Network
|
langchain
|
langchain-text-splitters
|
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters
1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valid…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41481
|
2026-04-29 00:43 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
