|
821
|
- |
|
-
|
-
|
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter
Versions Affected: from 2.6.3 to 2.8.6
Description:
In production deployments where an admin…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40557
|
2026-04-28 03:57 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
822
|
- |
|
-
|
-
|
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
New
|
CWE-278
Insecure Preserved Inherited Permissions
|
CVE-2026-6265
|
2026-04-28 03:57 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
823
|
- |
|
-
|
-
|
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
New
|
-
|
CVE-2026-30350
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
824
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sy…
New
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-40514
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
825
|
- |
|
-
|
-
|
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally defe…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-6357
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
826
|
7.5 |
HIGH
Network
|
-
|
-
|
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
New
|
CWE-22
Path Traversal
|
CVE-2026-30351
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
827
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
New
|
CWE-77
Command Injection
|
CVE-2026-30352
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
828
|
8.8 |
HIGH
Local
|
-
|
-
|
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploi…
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-69689
|
2026-04-28 03:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
829
|
6.2 |
MEDIUM
Local
|
-
|
-
|
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a …
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25264
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
830
|
6.2 |
MEDIUM
Local
|
-
|
-
|
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malic…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25273
|
2026-04-28 03:55 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
