|
2251
|
9.9 |
CRITICAL
Network
|
simple-help
|
simplehelp
|
El software de soporte remoto SimpleHelp v5.5.7 y versiones anteriores tiene una vulnerabilidad que permite a los técnicos con pocos privilegios crear claves API con permisos excesivos. Estas claves…
|
NVD-CWE-noinfo
CWE-862
Missing Authorization
|
CVE-2024-57726
|
2026-04-25 04:26 |
2025-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2252
|
7.5 |
HIGH
Network
|
xiangshan
|
nemu
|
NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decodin…
|
CWE-131
CWE-1287
Incorrect Calculation of Buffer Size
Improper Validation of Specified Type of Input
|
CVE-2026-29645
|
2026-04-25 04:25 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2253
|
9.8 |
CRITICAL
Network
|
xiangshan
|
nemu
|
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode w…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-29649
|
2026-04-25 04:23 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2254
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The im…
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-35381
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2255
|
6.5 |
MEDIUM
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is dir…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-33431
|
2026-04-25 04:19 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2256
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it throu…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35364
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2257
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typicall…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35367
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2258
|
7.8 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before drop…
|
CWE-426
Untrusted Search Path
|
CVE-2026-35368
|
2026-04-25 04:18 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2259
|
9.1 |
CRITICAL
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search …
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-33432
|
2026-04-25 04:18 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2260
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to the stack, as
…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
