|
2591
|
7.7 |
HIGH
Network
|
kyverno
|
kyverno
|
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41068
|
2026-04-28 02:48 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2592
|
6.1 |
MEDIUM
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot…
|
CWE-193
Off-by-one Error
|
CVE-2026-40254
|
2026-04-28 02:44 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2593
|
5.5 |
MEDIUM
Local
|
angryip
|
angry_ip_scanner
|
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25262
|
2026-04-28 02:30 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2594
|
7.8 |
HIGH
Local
|
lizardsystems
|
lanspy
|
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attac…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25265
|
2026-04-28 02:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2595
|
5.5 |
MEDIUM
Local
|
angryip
|
angry_ip_scanner
|
Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25266
|
2026-04-28 02:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2596
|
7.8 |
HIGH
Local
|
lizardsystems
|
lanspy
|
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payloa…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25268
|
2026-04-28 02:25 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2597
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can c…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-25270
|
2026-04-28 02:20 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2598
|
5.5 |
MEDIUM
Local
|
helios
|
textpad
|
Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attacke…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-25271
|
2026-04-28 02:13 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2599
|
9.8 |
CRITICAL
Network
|
dell
|
powerprotect_dp_series_appliance
data_domain_operating_system
|
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0…
|
CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-26354
|
2026-04-28 02:09 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2600
|
9.1 |
CRITICAL
Network
|
espocrm
|
espocrm
|
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an au…
|
CWE-22
Path Traversal
|
CVE-2026-33656
|
2026-04-28 02:04 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
