• Vulnerability Summary for the Week of April 20, 2026

From CISA@cisa@messages.cisa.gov to cisa@toolazy.synchro.net on Mon Apr 27 18:16:52 2026

Cybersecurity and Infrastructure Security Agency (CISA)

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures [ https://www.cve.org/ ] (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System [ https://www.cve.org/about/relatedefforts ] (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0–10.0
* *Medium*: vulnerabilities with a CVSS base score of 4.0–6.9
* *Low*: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Vulnerability Summary for the Week of April 20, 2026 [ https://www.cisa.gov/news-events/bulletins/sb26-117 ]

04/27/2026 2:30 PM EDT
High Vulnerabilities

Fields per entry: Primary Vendor -- Product / Description / Published / CVSS Score / Source Info / Patch Info

Thinkphp -- ThinkPHP
  Description: ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
  Published: 2026-04-22
  CVSS Score: 9.8
  Source Info: CVE-2018-25270 [ https://www.cve.org/CVERecord?id=CVE-2018-25270 ]
  Patch Info:
    ExploitDB-45978 [ https://www.exploit-db.com/exploits/45978 ]
    Official Product Homepage [ https://thinkphp.cn ]
    Product Reference [ https://github.com/top-think/framework/ ]
    VulnCheck Advisory: ThinkPHP 5.0.23 Remote Code Execution via invokefunction [ https://www.vulncheck.com/advisories/thinkphp-remote-code-execution-via-invokefunction ]

Elba -- ELBA5
  Description: ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
  Published: 2026-04-22
  CVSS Score: 9.8
  Source Info: CVE-2018-25272 [ https://www.cve.org/CVERecord?id=CVE-2018-25272 ]
  Patch Info:
    ExploitDB-45905 [ https://www.exploit-db.com/exploits/45905 ]
    Official Product Homepage [ https://www.elba.at ]
    VulnCheck Advisory: ELBA5 5.8.0 Remote Code Execution via Database Access [ https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access ]

Lizardsystems -- Terminal Services Manager
  Description: Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
  Published: 2026-04-22
  CVSS Score: 8.4
  Source Info: CVE-2018-25259 [ https://www.cve.org/CVERecord?id=CVE-2018-25259 ]
  Patch Info:
    ExploitDB-46058 [ https://www.exploit-db.com/exploits/46058 ]
    Official Product Homepage [ https://lizardsystems.com ]
    VulnCheck Advisory: Terminal Services Manager 3.1 Buffer Overflow SEH [ https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh ]

Magix -- MAGIX Music Editor
  Description: MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted.
  Published: 2026-04-22
  CVSS Score: 8.4
  Source Info: CVE-2018-25260 [ https://www.cve.org/CVERecord?id=CVE-2018-25260 ]
  Patch Info:
    ExploitDB-46056 [ https://www.exploit-db.com/exploits/46056 ]
    Official Product Homepage [ https://www.magix.com/us/ ]
    Product Reference [ https://www.magix.com/us/music/mp3-deluxe/ ]
    VulnCheck Advisory: MAGIX Music Editor 3.1 Buffer Overflow via SEH [ https://www.vulncheck.com/advisories/magix-music-editor-buffer-overflow-via-seh ]

Iperiusbackup -- Iperius Backup
  Description: Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
  Published: 2026-04-22
  CVSS Score: 8.4
  Source Info: CVE-2018-25261 [ https://www.cve.org/CVERecord?id=CVE-2018-25261 ]
  Patch Info:
    ExploitDB-46059 [ https://www.exploit-db.com/exploits/46059 ]
    Official Product Homepage [ https://www.iperiusbackup.com ]
    VulnCheck Advisory: Iperius Backup 5.8.1 Local Buffer Overflow SEH [ https://www.vulncheck.com/advisories/iperius-backup-local-buffer-overflow-seh ]

faleemi -- Faleemi Desktop Software
  Description: Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.
  Published: 2026-04-26
  CVSS Score: 8.4
  Source Info: CVE-2018-25263 [ https://www.cve.org/CVERecord?id=CVE-2018-25263 ]
  Patch Info:
    ExploitDB-45492 [ https://www.exploit-db.com/exploits/45492 ]
    Product Reference [ http://support.faleemi.com/fsc776/Faleemi_v1.8.exe ]
    VulnCheck Advisory: Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH [ https://www.vulncheck.com/advisories/faleemi-desktop-software-local-buffer-overflow-seh ]

Lizardsystems -- LanSpy
  Description: LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.
  Published: 2026-04-22
  CVSS Score: 8.4
  Source Info: CVE-2018-25265 [ https://www.cve.org/CVERecord?id=CVE-2018-25265 ]
  Patch Info:
    ExploitDB-46018 [ https://www.exploit-db.com/exploits/46018 ]
    Official Product Homepage [ https://lizardsystems.com ]
    VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow [ https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow ]

Lizardsystems -- LanSpy
  Description: LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.
  Published: 2026-04-22
  CVSS Score: 8.4
  Source Info: CVE-2018-25268 [ https://www.cve.org/CVERecord?id=CVE-2018-25268 ]
  Patch Info:
    ExploitDB-45968 [ https://www.exploit-db.com/exploits/45968 ]
    Official Product Homepage [ https://lizardsystems.com ]
    VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field [ https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow-via-scan-field ]

Securimport -- iSmartViewPro
  Description: iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.
  Published: 2026-04-26
  CVSS Score: 8.4
  Source Info: CVE-2018-25283 [ https://www.cve.org/CVERecord?id=CVE-2018-25283 ]
  Patch Info:
    ExploitDB-45349 [ https://www.exploit-db.com/exploits/45349 ]
    Product Reference [ https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 ]
    VulnCheck Advisory: iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter [ https://www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter ]

Cewe-Photoworld -- CEWE Photoshow
  Description: CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 7.5
  Source Info: CVE-2018-25294 [ https://www.cve.org/CVERecord?id=CVE-2018-25294 ]
  Patch Info:
    ExploitDB-45211 [ https://www.exploit-db.com/exploits/45211 ]
    Official Product Homepage [ https://cewe-photoworld.com/ ]
    Product Reference [ https://cewe-photoworld.com/creator-software/windows-download ]
    VulnCheck Advisory: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service [ https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service ]

Fortra -- GoAnywhere MFT
  Description: The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.
  Published: 2026-04-21
  CVSS Score: 7.3
  Source Info: CVE-2025-14362 [ https://www.cve.org/CVERecord?id=CVE-2025-14362 ]
  Patch Info:
    https://fortra.com/security/advisories/product-security/FI-2026-002


Medium Vulnerabilities

Fields per entry: Primary Vendor -- Product / Description / Published / CVSS Score / Source Info / Patch Info

Angryip -- Angry IP Scanner for Linux
  Description: Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
  Published: 2026-04-22
  CVSS Score: 6.2
  Source Info: CVE-2018-25262 [ https://www.cve.org/CVERecord?id=CVE-2018-25262 ]
  Patch Info:
    ExploitDB-46038 [ https://www.exploit-db.com/exploits/46038 ]
    Official Product Homepage [ https://angryip.org/ ]
    VulnCheck Advisory: Angry IP Scanner for Linux 3.5.3 Denial of Service [ https://www.vulncheck.com/advisories/angry-ip-scanner-for-linux-denial-of-service ]

Acutesystems -- TransMac
  Description: TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25264 [ https://www.cve.org/CVERecord?id=CVE-2018-25264 ]
  Patch Info:
    ExploitDB-45493 [ https://www.exploit-db.com/exploits/45493 ]
    VulnCheck Advisory: TransMac 12.2 Denial of Service via License Key Field [ https://www.vulncheck.com/advisories/transmac-denial-of-service-via-license-key-field ]

Angryip -- Angry IP Scanner
  Description: Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable value field in the display preferences to trigger a denial of service.
  Published: 2026-04-22
  CVSS Score: 6.2
  Source Info: CVE-2018-25266 [ https://www.cve.org/CVERecord?id=CVE-2018-25266 ]
  Patch Info:
    ExploitDB-45993 [ https://www.exploit-db.com/exploits/45993 ]
    Official Product Homepage [ https://angryip.org ]
    VulnCheck Advisory: Angry IP Scanner 3.5.3 Denial of Service via Preferences Buffer Overflow [ https://www.vulncheck.com/advisories/angry-ip-scanner-denial-of-service-via-preferences-buffer-overflow ]

Ultraiso -- UltraISO
  Description: UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite values and paste it into the Output FileName field to trigger a denial of service crash.
  Published: 2026-04-22
  CVSS Score: 6.2
  Source Info: CVE-2018-25267 [ https://www.cve.org/CVERecord?id=CVE-2018-25267 ]
  Patch Info:
    ExploitDB-45996 [ https://www.exploit-db.com/exploits/45996 ]
    Official Product Homepage [ https://www.ultraiso.com/ ]
    VulnCheck Advisory: UltraISO 9.7.1.3519 Buffer Overflow via Output FileName [ https://www.vulncheck.com/advisories/ultraiso-buffer-overflow-via-output-filename ]

icewarp -- ICEWARP Client
  Description: ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
  Published: 2026-04-22
  CVSS Score: 6.1
  Source Info: CVE-2018-25269 [ https://www.cve.org/CVERecord?id=CVE-2018-25269 ]
  Patch Info:
    ExploitDB-45974 [ https://www.exploit-db.com/exploits/45974 ]
    Official Product Homepage [ http://www.icewarp.com/ ]
    VulnCheck Advisory: ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection [ https://www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injection ]

Textpad -- Textpad
  Description: Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application.
  Published: 2026-04-22
  CVSS Score: 6.2
  Source Info: CVE-2018-25271 [ https://www.cve.org/CVERecord?id=CVE-2018-25271 ]
  Patch Info:
    ExploitDB-45956 [ https://www.exploit-db.com/exploits/45956 ]
    Official Product Homepage [ https://textpad.com ]
    Product Reference [ https://www.textpad.com/download/v81/win32/txpeng812-32.zip ]
    VulnCheck Advisory: Textpad 8.1.2 Denial of Service via Run Command [ https://www.vulncheck.com/advisories/textpad-denial-of-service-via-run-command ]

Acutesystems -- CrossFont
  Description: CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25273 [ https://www.cve.org/CVERecord?id=CVE-2018-25273 ]
  Patch Info:
    ExploitDB-45494 [ https://www.exploit-db.com/exploits/45494 ]
    VulnCheck Advisory: CrossFont 7.5 Denial of Service via License Key Field [ https://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field ]

infrarecorder -- InfraRecorder
  Description: InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25274 [ https://www.cve.org/CVERecord?id=CVE-2018-25274 ]
  Patch Info:
    ExploitDB-45413 [ https://www.exploit-db.com/exploits/45413 ]
    VulnCheck Advisory: InfraRecorder 0.53 Denial of Service via txt File Import [ https://www.vulncheck.com/advisories/infrarecorder-denial-of-service-via-txt-file-import ]

faleemi -- Faleemi Plus
  Description: Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25275 [ https://www.cve.org/CVERecord?id=CVE-2018-25275 ]
  Patch Info:
    ExploitDB-45414 [ https://www.exploit-db.com/exploits/45414 ]
    Product Reference [ http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe ]
    VulnCheck Advisory: Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow [ https://www.vulncheck.com/advisories/faleemi-plus-denial-of-service-via-buffer-overflow ]

Br-Software -- PixGPS
  Description: PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25277 [ https://www.cve.org/CVERecord?id=CVE-2018-25277 ]
  Patch Info:
    ExploitDB-45381 [ https://www.exploit-db.com/exploits/45381 ]
    Product Reference [ http://www.br-software.com/pixgps11_setup.exe ]
    VulnCheck Advisory: PixGPS 1.1.8 Buffer Overflow Denial of Service [ https://www.vulncheck.com/advisories/pixgps-buffer-overflow-denial-of-service ]

Picajet -- PicaJet FX
  Description: PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25278 [ https://www.cve.org/CVERecord?id=CVE-2018-25278 ]
  Patch Info:
    ExploitDB-45383 [ https://www.exploit-db.com/exploits/45383 ]
    VulnCheck Advisory: PicaJet FX 2.6.5 Denial of Service via Registration Fields [ https://www.vulncheck.com/advisories/picajet-fx-denial-of-service-via-registration-fields ]

Convertimagetotext -- jiNa OCR Image to Text
  Description: jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25279 [ https://www.cve.org/CVERecord?id=CVE-2018-25279 ]
  Patch Info:
    ExploitDB-45380 [ https://www.exploit-db.com/exploits/45380 ]
    Product Reference [ http://www.convertimagetotext.net/downloadsoftware.php ]
    VulnCheck Advisory: jiNa OCR Image to Text 1.0 Denial of Service via PNG [ https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png ]

ZenMap -- ZenMap
  Description: Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25282 [ https://www.cve.org/CVERecord?id=CVE-2018-25282 ]
  Patch Info:
    ExploitDB-45357 [ https://www.exploit-db.com/exploits/45357 ]
    Product Reference [ https://nmap.org/dist/nmap-7.70-setup.exe ]
    VulnCheck Advisory: Nmap 7.70 Denial of Service via XML Entity Expansion [ https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expansion ]

Hdtune -- HD Tune Pro
  Description: HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File Options > Save dialog's folder/file name input field.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25284 [ https://www.cve.org/CVERecord?id=CVE-2018-25284 ]
  Patch Info:
    ExploitDB-45298 [ https://www.exploit-db.com/exploits/45298 ]
    Official Product Homepage [ https://www.hdtune.com/ ]
    Product Reference [ https://www.hdtune.com/download.html ]
    VulnCheck Advisory: HD Tune Pro 5.70 Denial of Service via Options Dialog [ https://www.vulncheck.com/advisories/hd-tune-pro-denial-of-service-via-options-dialog ]

Hdtune -- Easy PhotoResQ
  Description: Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25286 [ https://www.cve.org/CVERecord?id=CVE-2018-25286 ]
  Patch Info:
    ExploitDB-45300 [ https://www.exploit-db.com/exploits/45300 ]
    Official Product Homepage [ https://www.hdtune.com/ ]
    VulnCheck Advisory: Easy PhotoResQ 1.0 Buffer Overflow Denial of Service [ https://www.vulncheck.com/advisories/easy-photoresq-buffer-overflow-denial-of-service ]

Editorsoftware -- StyleWriter
  Description: StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25288 [ https://www.cve.org/CVERecord?id=CVE-2018-25288 ]
  Patch Info:
    ExploitDB-45250 [ https://www.exploit-db.com/exploits/45250 ]
    Official Product Homepage [ http://www.editorsoftware.com ]
    Product Reference [ http://www.editorsoftware.com/StyleWriter_Download.php ]
    VulnCheck Advisory: StyleWriter 1.0 Denial of Service via Pattern Input [ https://www.vulncheck.com/advisories/stylewriter-denial-of-service-via-pattern-input ]

Ezbsystems -- Softdisk
  Description: Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25289 [ https://www.cve.org/CVERecord?id=CVE-2018-25289 ]
  Patch Info:
    ExploitDB-45245 [ https://www.exploit-db.com/exploits/45245 ]
    Official Product Homepage [ http://www.ezbsystems.com/ ]
    Product Reference [ https://www.ezbsystems.com/softdisc/download.htm ]
    VulnCheck Advisory: Softdisk 3.0.3 Buffer Overflow Denial of Service [ https://www.vulncheck.com/advisories/softdisk-buffer-overflow-denial-of-service ]

Ezbsystems -- Easyboot
  Description: Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File > Tools > Replace Text and pasting a 7000-byte payload into the text fields to cause a denial of service.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25290 [ https://www.cve.org/CVERecord?id=CVE-2018-25290 ]
  Patch Info:
    ExploitDB-45241 [ https://www.exploit-db.com/exploits/45241 ]
    Official Product Homepage [ http://www.ezbsystems.com/ ]
    VulnCheck Advisory: Easyboot 6.6.0 Buffer Overflow Denial of Service [ https://www.vulncheck.com/advisories/easyboot-buffer-overflow-denial-of-service ]

Pj64-Emu -- Project64
  Description: Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25291 [ https://www.cve.org/CVERecord?id=CVE-2018-25291 ]
  Patch Info:
    ExploitDB-45229 [ https://www.exploit-db.com/exploits/45229 ]
    Official Product Homepage [ https://www.pj64-emu.com ]
    VulnCheck Advisory: Project64 2.3.2 Denial of Service via Plugin Directory [ https://www.vulncheck.com/advisories/project64-denial-of-service-via-plugin-directory ]

Bome -- Restorator
  Description: Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25292 [ https://www.cve.org/CVERecord?id=CVE-2018-25292 ]
  Patch Info:
    ExploitDB-45223 [ https://www.exploit-db.com/exploits/45223 ]
    Official Product Homepage [ https://www.bome.com/ ]
    Product Reference [ https://www.bome.com/bome/downloads/Restorator2018_Full_1793.exe ]
    VulnCheck Advisory: Bome Restorator 1793 Denial of Service via Buffer Overflow [ https://www.vulncheck.com/advisories/bome-restorator-1793-denial-of-service-via-buffer-overflow ]

Mersenne -- Prime95
  Description: Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25293 [ https://www.cve.org/CVERecord?id=CVE-2018-25293 ]
  Patch Info:
    ExploitDB-45226 [ https://www.exploit-db.com/exploits/45226 ]
    Official Product Homepage [ http://www.mersenne.org ]
    Product Reference [ http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip ]
    VulnCheck Advisory: Prime95 29.4b7 Denial of Service via Proxy Password Field [ https://www.vulncheck.com/advisories/prime95-29-4b7-denial-of-service-via-proxy-password-field ]

P10 -- ObserverIP Scan Tool
  Description: ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25295 [ https://www.cve.org/CVERecord?id=CVE-2018-25295 ]
  Patch Info:
    ExploitDB-45204 [ https://www.exploit-db.com/exploits/45204 ]
    Official Product Homepage [ https://www.ambientweather.com ]
    Product Reference [ https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe ]
    VulnCheck Advisory: ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field [ https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field ]

Wansview -- Wansview
  Description: Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.
  Published: 2026-04-26
  CVSS Score: 6.2
  Source Info: CVE-2018-25297 [ https://www.cve.org/CVERecord?id=CVE-2018-25297 ]
  Patch Info:
    ExploitDB-45194 [ https://www.exploit-db.com/exploits/45194 ]
    VulnCheck Advisory: Wansview 1.0.2 Denial of Service via Buffer Overflow [ https://www.vulncheck.com/advisories/wansview-denial-of-service-via-buffer-overflow ]

94Cb -- Carbon Forum
  Description: Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.
  Published: 2026-04-22
  CVSS Score: 6.4
  Source Info: CVE-2024-58344 [ https://www.cve.org/CVERecord?id=CVE-2024-58344 ]
  Patch Info:
    ExploitDB-52043 [ https://www.exploit-db.com/exploits/52043 ]
    Official Product Homepage [ https://www.94cb.com/ ]
    Product Reference [ https://github.com/lincanbin/Carbon-Forum ]
    VulnCheck Advisory: Carbon Forum 5.9.0 Persistent XSS via Forum Name Field [ https://www.vulncheck.com/advisories/carbon-forum-persistent-xss-via-forum-name-field ]

GitLab -- GitLab
  Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint.
  Published: 2026-04-22
  CVSS Score: 6.5
  Source Info: CVE-2025-0186 [ https://www.cve.org/CVERecord?id=CVE-2025-0186 ]
  Patch Info:
    HackerOne Bug Bounty Report #2915694 [ https://hackerone.com/reports/2915694 ]
    https://gitlab.com/gitlab-org/gitlab/-/work_items/511312
    https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

GitLab -- GitLab
  Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resource allocation limits in the GraphQL API.
  Published: 2026-04-22
  CVSS Score: 6.5
  Source Info: CVE-2025-3922 [ https://www.cve.org/CVERecord?id=CVE-2025-3922 ]
  Patch Info:
    HackerOne Bug Bounty Report #3098035 [ https://hackerone.com/reports/3098035 ]
    https://gitlab.com/gitlab-org/gitlab/-/work_items/537422
    https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/

Picajet -- RoboImport
  Description: RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
  Published: 2026-04-26
  CVSS Score: 5.5
  Source Info: CVE-2018-25276 [ https://www.cve.org/CVERecord?id=CVE-2018-25276 ]
  Patch Info:
    ExploitDB-45382 [ https://www.exploit-db.com/exploits/45382 ]
    Product Reference [ http://www.picajet.com/download/RoboImportInstall.exe ]
    VulnCheck Advisory: RoboImport 1.2.0.72 Denial of Service via Registration Fields [ https://www.vulncheck.com/advisories/roboimport-denial-of-service-via-registration-fields ]

Infiltration-Systems -- Infiltrator Network Security Scanner
  Description: Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.
  Published: 2026-04-26
  CVSS Score: 5.5
  Source Info: CVE-2018-25280 [ https://www.cve.org/CVERecord?id=CVE-2018-25280 ]
  Patch Info:
    ExploitDB-45390 [ https://www.exploit-db.com/exploits/45390 ]
    Product Reference [ https://www.infiltration-systems.com/download.shtml ]
    VulnCheck Advisory: Infiltrator Network Security Scanner 4.6 Denial of Service [ https://www.vulncheck.com/advisories/infiltrator-network-security-scanner-denial-of-service ]

Maxprog -- iCash
  Description: iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
  Published: 2026-04-26
  CVSS Score: 5.5
  Source Info: CVE-2018-25281 [ https://www.cve.org/CVERecord?id=CVE-2018-25281 ]
  Patch Info:
    ExploitDB-45388 [ https://www.exploit-db.com/exploits/45388 ]
    VulnCheck Advisory: iCash 7.6.5 Denial of Service via Connect to Server [ https://www.vulncheck.com/advisories/icash-denial-of-service-via-connect-to-server ]

Fathom -- Fathom
  Description: Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition.
  Published: 2026-04-26
  CVSS Score: 5.5
  Source Info: CVE-2018-25285 [ https://www.cve.org/CVERecord?id=CVE-2018-25285 ]
  Patch Info:
    ExploitDB-45294 [ https://www.exploit-db.com/exploits/45294 ]
    Official Product Homepage [ https://fathom.concord.org/ ]
    Product Reference [ https://fathom.concord.org/download/ ]
    VulnCheck Advisory: Fathom 2.4 Denial of Service via Authorization Code Buf= fer Overflow [ https://www.vulncheck.com/advisories/fathom-denial-of-servic= e-via-authorization-code-buffer-overflow ]
    =C2=A0 Hdtune--Drive Power Manager Drive Power Manager 1.10 contains a buff=
    er overflow vulnerability that allows local attackers to crash the applicat= ion by supplying an excessively long string in the Name field. Attackers ca=
    n paste a 6000-byte payload into the Name field and click Register to trigg=
    er a denial of service condition. 2026-04-26 5.5 CVE-2018-25287 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2018-25287 ] ExploitDB-45299 [ https://www.ex= ploit-db.com/exploits/45299 ]
    Official Product Homepage [ https://www.hdtune.com/ ]
    VulnCheck Advisory: Drive Power Manager 1.10 Denial of Service via Name Fie=
    ld [ https://www.vulncheck.com/advisories/drive-power-manager-denial-of-ser= vice-via-name-field ]
    =C2=A0 P10--Central Management Software P10 Central Management Software 1.4= .13 contains a buffer overflow vulnerability in the login password field th=
    at allows local attackers to crash the application by submitting an oversiz=
    ed input string. Attackers can paste a 2000-byte payload into the password = field and click login to trigger an application crash and denial of service=
    . 2026-04-26 5.5 CVE-2018-25296 [ https://www.cve.org/CVERecord?id=3DCVE-20= 18-25296 ] ExploitDB-45207 [ https://www.exploit-db.com/exploits/45207 ] Official Product Homepage [ https://www.ambientweather.com ]
    VulnCheck Advisory: P10 Central Management Software 1.4.13 Denial of Servic=
    e [ https://www.vulncheck.com/advisories/p10-central-management-software-de= nial-of-service ]
    =C2=A0 Fortra--GoAnywhere MFT Encrypted values in Fortra's GoAnywhere MFT p= rior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize=
    a static IV which=C2=A0allows admin users to brute-force decryption of dat=
    a. 2026-04-21 5.8 CVE-2025-1241 [ https://www.cve.org/CVERecord?id=3DCVE-20= 25-1241 ] https://fortra.com/security/advisories/product-security/FI-2026-0=
    01
    =C2=A0 OpenSC--OpenSC Multiple uses of uninitialized variables were found i=
    n libopensc that may lead to information disclosure or application crash. A=
    n attack requires a crafted USB device or smart card that would present the=
    system with specially crafted responses to the APDUs 2026-04-23 5.7 CVE-20= 25-13763 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13763 ] https://acce= ss.redhat.com/security/cve/CVE-2025-13763
    RHBZ#2417581 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2417581 ] https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763
    =C2=A0 HCLSoftware--BigFix Service Management (SM) HCL BigFix Service Manag= ement (SM) Discovery is vulnerable to unenforced encryption due to port 80 = (HTTP) being open, allowing unencrypted access.=C2=A0 An attacker with acce=
    ss to the network traffic can sniff packets from the connection and uncover=
    the data. 2026-04-21 5.3 CVE-2025-31981 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-31981 ] https://support.hcl-software.com/csm?id=3Dkb_article&sy= sparm_article=3DKB0127605
    =C2=A0 IBM--Security Verify Directory (Container) IBM Security Verify Direc= tory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul=
    d be vulnerable to malicious file upload by not validating file type. A pri= vileged user could upload malicious files into the system that can be sent =
    to victims for performing further attacks against the system. 2026-04-22 5.=
    5 CVE-2025-36074 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36074 ] http= s://www.ibm.com/support/pages/node/7268907
    =C2=A0 hubspotdev--HubSpot All-In-One Marketing Forms, Popups, Live Chat Th=
    e HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPr= ess is vulnerable to Sensitive Information Exposure in all versions up to, = and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php=
    file. This makes it possible for authenticated attackers, with Contributor= -level access and above, to extract a list of all installed plugins and the=
    ir versions which can be leveraged for reconnaissance and further attacks. = 2026-04-24 4.3 CVE-2025-11762 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -11762 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8c62e6= -f459-433a-b0c4-c79285ea7fe9?source=3Dcve https://research.cleantalk.org/CVE-2025-11762 https://plugins.trac.wordpress.org/browser/leadin/tags/11.3.33/public/admin= /class-adminconstants.php

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

    HCLSoftware--BigFix Service Management (SM)
    HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
    Published: 2026-04-21 | CVSS Score: 3.7 | Source Info: CVE-2025-31958 [ https://www.cve.org/CVERecord?id=CVE-2025-31958 ]
    Patch Info: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209

    Severity Not Yet Assigned

    Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

    NWCLARK--Storable
    Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2017-20230 [ https://www.cve.org/CVERecord?id=CVE-2017-20230 ]
    Patch Info:
      https://github.com/Perl/perl5/issues/15831
      https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
      https://metacpan.org/release/RURBAN/Storable-3.05/changes
      https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
      https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html

    Seeyon Internet Software--A8-V5 Collaborative Management Software
    Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2019-25714 [ https://www.cve.org/CVERecord?id=CVE-2019-25714 ]
    Patch Info:
      https://sourceforge.net/software/product/A8/
      https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/
      https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/
      https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf
      https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713
      https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload
      https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet

    Unknown--Email Encoder
    The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
    Published: 2026-04-20 | CVSS Score: not yet calculated | Source Info: CVE-2024-7083 [ https://www.cve.org/CVERecord?id=CVE-2024-7083 ]
    Patch Info: https://wpscan.com/vulnerability/7aeb6891-e159-4ed8-b1a9-a551140c9fcc/

    Semantic MediaWiki--Semantic MediaWiki
    Reflected Cross-Site Scripting (XSS) vulnerability in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2025-10354 [ https://www.cve.org/CVERecord?id=CVE-2025-10354 ]
    Patch Info: https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki

    EfficientLab, LLC--Controlio
    EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with the highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.
    Published: 2026-04-23 | CVSS Score: not yet calculated | Source Info: CVE-2025-10549 [ https://www.cve.org/CVERecord?id=CVE-2025-10549 ]
    Patch Info:
      https://r.sec-consult.com/controlio
      https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95

    Fudo Security--Fudo Enterprise
    Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3.
    Published: 2026-04-20 | CVSS Score: not yet calculated | Source Info: CVE-2025-13480 [ https://www.cve.org/CVERecord?id=CVE-2025-13480 ]
    Patch Info:
      https://www.fudosecurity.com/product/enterprise
      https://cert.pl/en/posts/2026/04/CVE-2025-13480
      https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf

    Zervit--portable HTTP/Web server
    Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfully exploited, the application can be made to stop responding, resulting in a DoS condition. It is possible to manually restart the application.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2025-13826 [ https://www.cve.org/CVERecord?id=CVE-2025-13826 ]
    Patch Info: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server

    ATRODO--Net:Dropbear
    Net:Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net:Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2025-15638 [ https://www.cve.org/CVERecord?id=CVE-2025-15638 ]
    Patch Info:
      https://www.cve.org/CVERecord?id=CVE-2016-6129
      https://www.cve.org/CVERecord?id=CVE-2018-12437
      https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes

    PHP Point Of Sale--PHP Point Of Sale
    HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', using the 'start_date_formatted' and 'end_date_formatted' parameters.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2025-41011 [ https://www.cve.org/CVERecord?id=CVE-2025-41011 ]
    Patch Info: https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0

    Zeon Global Tech--Zeon Academy Pro
    SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.
    Published: 2026-04-21 | CVSS Score: not yet calculated | Source Info: CVE-2025-41029 [ https://www.cve.org/CVERecord?id=CVE-2025-41029 ]
    Patch Info: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech



    You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency [ https://www.cisa.gov ] (CISA)


    ________________________________________________________________________

    This email was sent to cisa@toolazy.synchro.net using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202

    --===============7202057243258474346==
    Content-Type: text/html; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title> Vulnerability Summary for the Week of April 20, 2026
    </title>


    </head>
    <body style="">

    <table width="700" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
    <td>

    <!--[if (gte mso 9)|(IE)]>
    <table style="display:none"><tr><td><a name="gd_top" id="gd_top"></a></td></tr></table>
    <![endif]-->
    <a name="gd_top" id="gd_top"></a>




    <p><img src="https://content.govdelivery.com/attachments/fancy_images/USDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" alt="Cybersecurity and Infrastructure Security Agency (CISA)" title="" width="600" height="100"></p>
    <p>You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available.</p>
    <p>The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.</p>
    <p>Vulnerabilities are based on the <a href="https://www.cve.org/" target="_blank" class="ext" data-extlink="" rel="noopener">Common Vulnerabilities and Exposures</a> (CVE) vulnerability naming standard and are organized according to severity, determined by the <a href="https://www.cve.org/about/relatedefforts" target="_blank" rel="noopener">Common Vulnerability Scoring System</a> (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:</p>
    <ul>
    <li><strong>High</strong>: vulnerabilities with a CVSS base score of 7.0–10.0</li>
    <li><strong>Medium</strong>: vulnerabilities with a CVSS base score of 4.0–6.9</li>
    <li><strong>Low</strong>: vulnerabilities with a CVSS base score of 0.0–3.9</li>
    </ul>
    <p>Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.</p>
    <p><a href="https://www.cisa.gov/news-events/bulletins/sb26-117" style="font-size: 120%; font-weight: bold;">Vulnerability Summary for the Week of April 20, 2026</a></p>
    <div class="rss_item" style="margin-bottom: 2em;">
    <div class="rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">04/27/2026 2:30 PM EDT</div>
    <div class="rss_description" style="margin: 0 0 0.3em; padding: 0;">
    <div id=3D"high_v">
    <h2 id=3D"high_v_title">High Vulnerabilities</h2>
    <table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"High Vulnerabilities" align=3D"center">
    <thead>

    <th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
    <span class=3D"primary-vendor">Primary</span><br><span class=3D"primary-ven= dor">Vendor</span> -- Product</th>
    <th style=3D"width: 44%;" scope=3D"col">Description</th>
    <th style=3D"width: 10%;" scope=3D"col">Published</th>
    <th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
    <th style=3D"width: 7%;" scope=3D"col">Source Info</th>
    <th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
    </tr>
    </thead>
    <tbody>

    <td class=3D"vendor-product">Thinkphp--ThinkPHP</td>
    <td>ThinkPHP 5.0.23 contains a remote code execution vulnerability that all= ows unauthenticated attackers to execute arbitrary PHP code by invoking fun= ctions through the routing parameter. Attackers can craft requests to the i= ndex.php endpoint with malicious function parameters to execute system comm= ands with application privileges.</td>
    <td>2026-04-22</td>
    <td>9.8</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25270" target=3D= "_blank" rel=3D"noopener">CVE-2018-25270</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45978" target=3D"_blank" rel= =3D"noopener">ExploitDB-45978</a><br><a href=3D"https://thinkphp.cn" target= =3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href=3D"ht= tps://github.com/top-think/framework/" target=3D"_blank" rel=3D"noopener">P= roduct Reference</a><br><a href=3D"https://www.vulncheck.com/advisories/thi= nkphp-remote-code-execution-via-invokefunction" target=3D"_blank" rel=3D"no= opener">VulnCheck Advisory: ThinkPHP 5.0.23 Remote Code Execution via invok= efunction</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Elba--ELBA5</td>
    <td>ELBA5 5.8.0 contains a remote code execution vulnerability that allows = attackers to obtain database credentials and execute arbitrary commands wit=
    h SYSTEM level permissions. Attackers can connect to the database using def= ault connector credentials, decrypt the DBA password, and execute commands = via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER = table.</td>
    <td>2026-04-22</td>
    <td>9.8</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25272" target=3D= "_blank" rel=3D"noopener">CVE-2018-25272</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45905" target=3D"_blank" rel= =3D"noopener">ExploitDB-45905</a><br><a href=3D"https://www.elba.at" target= =3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href=3D"ht= tps://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database= -access" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: ELBA5 5.8.0=
    Remote Code Execution via Database Access</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Lizardsystems--Terminal Services Manager</td> <td>Terminal Services Manager 3.1 contains a stack-based buffer overflow vu= lnerability in the computer names field that allows local attackers to exec= ute arbitrary code by triggering structured exception handling. Attackers c=
    an craft a malicious input file with shellcode and jump instructions that o= verwrite the SEH handler pointer to execute calc.exe or other payloads when=
    imported through the add computers wizard.</td>
    <td>2026-04-22</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25259" target=3D= "_blank" rel=3D"noopener">CVE-2018-25259</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/46058" target=3D"_blank" rel= =3D"noopener">ExploitDB-46058</a><br><a href=3D"https://lizardsystems.com" = target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href= =3D"https://www.vulncheck.com/advisories/terminal-services-manager-buffer-o= verflow-seh" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Termina=
    l Services Manager 3.1 Buffer Overflow SEH</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Magix--MAGIX Music Editor</td>
    <td>MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the = FreeDB Proxy Options dialog that allows local attackers to execute arbitrar=
    y code by exploiting structured exception handling. Attackers can craft a m= alicious payload, paste it into the Server field via the CD menu's FreeDB P= roxy Options, and trigger code execution when settings are accepted.</td> <td>2026-04-22</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25260" target=3D= "_blank" rel=3D"noopener">CVE-2018-25260</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/46056" target=3D"_blank" rel= =3D"noopener">ExploitDB-46056</a><br><a href=3D"https://www.magix.com/us/" = target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href= =3D"https://www.magix.com/us/music/mp3-deluxe/" target=3D"_blank" rel=3D"no= opener">Product Reference</a><br><a href=3D"https://www.vulncheck.com/advis= ories/magix-music-editor-buffer-overflow-via-seh" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: MAGIX Music Editor 3.1 Buffer Overflow via SE= H</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Iperiusbackup--Iperius Backup</td>
    <td>Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in = the structured exception handling (SEH) mechanism that allows local attacke=
    rs to execute arbitrary code by supplying a malicious file path. Attackers = can create a backup job with a crafted payload in the external file locatio=
    n field that triggers a buffer overflow when the backup job executes, enabl= ing code execution with application privileges.</td>
    <td>2026-04-22</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25261" target=3D= "_blank" rel=3D"noopener">CVE-2018-25261</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/46059" target=3D"_blank" rel= =3D"noopener">ExploitDB-46059</a><br><a href=3D"https://www.iperiusbackup.c= om" target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a = href=3D"https://www.vulncheck.com/advisories/iperius-backup-local-buffer-ov= erflow-seh" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Iperius = Backup 5.8.1 Local Buffer Overflow SEH</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">faleemi--Faleemi Desktop Software</td>
    <td>Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnera= bility in the Device alias field that allows local attackers to trigger a s= tructured exception handler (SEH) overwrite. Attackers can craft a maliciou=
    s payload and paste it into the Device alias field within the Managing Log = interface to execute arbitrary code with calculator proof-of-concept execut= ion.</td>
    <td>2026-04-26</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25263" target=3D= "_blank" rel=3D"noopener">CVE-2018-25263</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45492" target=3D"_blank" rel= =3D"noopener">ExploitDB-45492</a><br><a href=3D"http://support.faleemi.com/= fsc776/Faleemi_v1.8.exe" target=3D"_blank" rel=3D"noopener">Product Referen= ce</a><br><a href=3D"https://www.vulncheck.com/advisories/faleemi-desktop-s= oftware-local-buffer-overflow-seh" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH</a>= <br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Lizardsystems--LanSpy</td>
    <td>LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the = scan section that allows local attackers to execute arbitrary code by explo= iting structured exception handling mechanisms. Attackers can craft malicio=
    us payloads using egghunter techniques to locate and execute shellcode, tri= ggering code execution through SEH chain manipulation and controlled jumps.= </td>
    <td>2026-04-22</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25265" target=3D= "_blank" rel=3D"noopener">CVE-2018-25265</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/46018" target=3D"_blank" rel= =3D"noopener">ExploitDB-46018</a><br><a href=3D"https://lizardsystems.com" = target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href= =3D"https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow" targ= et=3D"_blank" rel=3D"noopener">VulnCheck Advisory: LanSpy 2.0.1.159 Local B= uffer Overflow</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Lizardsystems--LanSpy</td>
    <td>LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that al= lows attackers to overwrite the instruction pointer by supplying oversized = input to the scan field. Attackers can craft a payload with 688 bytes of pa= dding followed by 4 bytes of controlled data to crash the application or po= tentially achieve code execution.</td>
    <td>2026-04-22</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25268" target=3D= "_blank" rel=3D"noopener">CVE-2018-25268</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45968" target=3D"_blank" rel= =3D"noopener">ExploitDB-45968</a><br><a href=3D"https://lizardsystems.com" = target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a href= =3D"https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow-via-s= can-field" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: LanSpy 2.= 0.1.159 Local Buffer Overflow via Scan Field</a><br>=C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Securimport--iSmartViewPro</td>
    <td>iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer=
    overflow vulnerability in the 'Save Path for Snapshot and Record file' fie=
    ld that allows local attackers to execute arbitrary code. Attackers can inp=
    ut a crafted payload exceeding 260 bytes through the System Setup interface=
    to overwrite SEH records and execute shellcode with application privileges= .</td>
    <td>2026-04-26</td>
    <td>8.4</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25283" target=3D= "_blank" rel=3D"noopener">CVE-2018-25283</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45349" target=3D"_blank" rel= =3D"noopener">ExploitDB-45349</a><br><a href=3D"https://securimport.com/uni= versity/videovigilancia-ip/software/493-software-ismartviewpro-v1-5" target= =3D"_blank" rel=3D"noopener">Product Reference</a><br><a href=3D"https://ww= w.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-param= eter" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: iSmartViewPro = 1.5 Buffer Overflow via SavePath Parameter</a><br>=C2=A0</td>
    </tr>

    <tr>
    <td class="vendor-product">Cewe-Photoworld--CEWE Photoshow</td>
    <td>CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>7.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25294" target="_blank" rel="noopener">CVE-2018-25294</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45211" target="_blank" rel="noopener">ExploitDB-45211</a><br><a href="https://cewe-photoworld.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://cewe-photoworld.com/creator-software/windows-download" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Fortra--GoAnywhere MFT</td>
    <td>The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.</td>
    <td>2026-04-21</td>
    <td>7.3</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-14362" target="_blank" rel="noopener">CVE-2025-14362</a></td>
    <td><a href="https://fortra.com/security/advisories/product-security/FI-2026-002" target="_blank" rel="noopener">https://fortra.com/security/advisories/product-security/FI-2026-002</a></td>
    </tr>
    </tbody>
    </table>
    <p><a href="#top">Back to top</a></p>
    </div>
    <div id="medium_v">
    <h2 id="medium_v_title">Medium Vulnerabilities</h2>
    <table class="table no-tablesaw" style="table-layout: fixed; width: 100%;" border="1" summary="Medium Vulnerabilities" align="center">
    <thead>
    <tr>
    <th class="vendor-product" style="width: 24%;" scope="col">
    <span class="primary-vendor">Primary</span><br><span class="primary-vendor">Vendor</span> -- Product</th>
    <th style="width: 44%;" scope="col">Description</th>
    <th style="width: 10%;" scope="col">Published</th>
    <th style="width: 8%;" scope="col">CVSS Score</th>
    <th style="width: 7%;" scope="col">Source Info</th>
    <th style="width: 7%;" scope="col">Patch Info</th>
    </tr>
    </thead>
    <tbody>

    <tr>
    <td class="vendor-product">Angryip--Angry IP Scanner for Linux</td>
    <td>Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.</td>
    <td>2026-04-22</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25262" target="_blank" rel="noopener">CVE-2018-25262</a></td>
    <td><a href="https://www.exploit-db.com/exploits/46038" target="_blank" rel="noopener">ExploitDB-46038</a><br><a href="https://angryip.org/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/angry-ip-scanner-for-linux-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: Angry IP Scanner for Linux 3.5.3 Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Acutesystems--TransMac</td>
    <td>TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25264" target="_blank" rel="noopener">CVE-2018-25264</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45493" target="_blank" rel="noopener">ExploitDB-45493</a><br><a href="https://www.vulncheck.com/advisories/transmac-denial-of-service-via-license-key-field" target="_blank" rel="noopener">VulnCheck Advisory: TransMac 12.2 Denial of Service via License Key Field</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Angryip--Angry IP Scanner</td>
    <td>Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable value field in the display preferences to trigger a denial of service.</td>
    <td>2026-04-22</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25266" target="_blank" rel="noopener">CVE-2018-25266</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45993" target="_blank" rel="noopener">ExploitDB-45993</a><br><a href="https://angryip.org" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/angry-ip-scanner-denial-of-service-via-preferences-buffer-overflow" target="_blank" rel="noopener">VulnCheck Advisory: Angry IP Scanner 3.5.3 Denial of Service via Preferences Buffer Overflow</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Ultraiso--UltraISO</td>
    <td>UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite values and paste it into the Output FileName field to trigger a denial of service crash.</td>
    <td>2026-04-22</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25267" target="_blank" rel="noopener">CVE-2018-25267</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45996" target="_blank" rel="noopener">ExploitDB-45996</a><br><a href="https://www.ultraiso.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/ultraiso-buffer-overflow-via-output-filename" target="_blank" rel="noopener">VulnCheck Advisory: UltraISO 9.7.1.3519 Buffer Overflow via Output FileName</a></td>
    </tr>

    <tr>
    <td class="vendor-product">icewarp--ICEWARP Client</td>
    <td>ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.</td>
    <td>2026-04-22</td>
    <td>6.1</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25269" target="_blank" rel="noopener">CVE-2018-25269</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45974" target="_blank" rel="noopener">ExploitDB-45974</a><br><a href="http://www.icewarp.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injection" target="_blank" rel="noopener">VulnCheck Advisory: ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Textpad--Textpad</td>
    <td>Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools &gt; Run to trigger a buffer overflow that crashes the application.</td>
    <td>2026-04-22</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25271" target="_blank" rel="noopener">CVE-2018-25271</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45956" target="_blank" rel="noopener">ExploitDB-45956</a><br><a href="https://textpad.com" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.textpad.com/download/v81/win32/txpeng812-32.zip" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/textpad-denial-of-service-via-run-command" target="_blank" rel="noopener">VulnCheck Advisory: Textpad 8.1.2 Denial of Service via Run Command</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Acutesystems--CrossFont</td>
    <td>CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25273" target="_blank" rel="noopener">CVE-2018-25273</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45494" target="_blank" rel="noopener">ExploitDB-45494</a><br><a href="https://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field" target="_blank" rel="noopener">VulnCheck Advisory: CrossFont 7.5 Denial of Service via License Key Field</a></td>
    </tr>

    <tr>
    <td class="vendor-product">infrarecorder--InfraRecorder</td>
    <td>InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25274" target="_blank" rel="noopener">CVE-2018-25274</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45413" target="_blank" rel="noopener">ExploitDB-45413</a><br><a href="https://www.vulncheck.com/advisories/infrarecorder-denial-of-service-via-txt-file-import" target="_blank" rel="noopener">VulnCheck Advisory: InfraRecorder 0.53 Denial of Service via txt File Import</a></td>
    </tr>

    <tr>
    <td class="vendor-product">faleemi--Faleemi Plus</td>
    <td>Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25275" target="_blank" rel="noopener">CVE-2018-25275</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45414" target="_blank" rel="noopener">ExploitDB-45414</a><br><a href="http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/faleemi-plus-denial-of-service-via-buffer-overflow" target="_blank" rel="noopener">VulnCheck Advisory: Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Br-Software--PixGPS</td>
    <td>PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25277" target="_blank" rel="noopener">CVE-2018-25277</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45381" target="_blank" rel="noopener">ExploitDB-45381</a><br><a href="http://www.br-software.com/pixgps11_setup.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/pixgps-buffer-overflow-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: PixGPS 1.1.8 Buffer Overflow Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Picajet--PicaJet FX</td>
    <td>PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25278" target="_blank" rel="noopener">CVE-2018-25278</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45383" target="_blank" rel="noopener">ExploitDB-45383</a><br><a href="https://www.vulncheck.com/advisories/picajet-fx-denial-of-service-via-registration-fields" target="_blank" rel="noopener">VulnCheck Advisory: PicaJet FX 2.6.5 Denial of Service via Registration Fields</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Convertimagetotext--jiNa OCR Image to Text</td>
    <td>jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25279" target="_blank" rel="noopener">CVE-2018-25279</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45380" target="_blank" rel="noopener">ExploitDB-45380</a><br><a href="http://www.convertimagetotext.net/downloadsoftware.php" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png" target="_blank" rel="noopener">VulnCheck Advisory: jiNa OCR Image to Text 1.0 Denial of Service via PNG</a></td>
    </tr>

    <tr>
    <td class="vendor-product">ZenMap--ZenMap</td>
    <td>Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25282" target="_blank" rel="noopener">CVE-2018-25282</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45357" target="_blank" rel="noopener">ExploitDB-45357</a><br><a href="https://nmap.org/dist/nmap-7.70-setup.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expansion" target="_blank" rel="noopener">VulnCheck Advisory: Nmap 7.70 Denial of Service via XML Entity Expansion</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Hdtune--HD Tune Pro</td>
    <td>HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File &gt; Options &gt; Save dialog's folder/file name input field.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25284" target="_blank" rel="noopener">CVE-2018-25284</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45298" target="_blank" rel="noopener">ExploitDB-45298</a><br><a href="https://www.hdtune.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.hdtune.com/download.html" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/hd-tune-pro-denial-of-service-via-options-dialog" target="_blank" rel="noopener">VulnCheck Advisory: HD Tune Pro 5.70 Denial of Service via Options Dialog</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Hdtune--Easy PhotoResQ</td>
    <td>Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25286" target="_blank" rel="noopener">CVE-2018-25286</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45300" target="_blank" rel="noopener">ExploitDB-45300</a><br><a href="https://www.hdtune.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/easy-photoresq-buffer-overflow-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: Easy PhotoResQ 1.0 Buffer Overflow Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Editorsoftware--StyleWriter</td>
    <td>StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25288" target="_blank" rel="noopener">CVE-2018-25288</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45250" target="_blank" rel="noopener">ExploitDB-45250</a><br><a href="http://www.editorsoftware.com" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="http://www.editorsoftware.com/StyleWriter_Download.php" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/stylewriter-denial-of-service-via-pattern-input" target="_blank" rel="noopener">VulnCheck Advisory: StyleWriter 1.0 Denial of Service via Pattern Input</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Ezbsystems--Softdisk</td>
    <td>Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25289" target="_blank" rel="noopener">CVE-2018-25289</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45245" target="_blank" rel="noopener">ExploitDB-45245</a><br><a href="http://www.ezbsystems.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.ezbsystems.com/softdisc/download.htm" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/softdisk-buffer-overflow-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: Softdisk 3.0.3 Buffer Overflow Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Ezbsystems--Easyboot</td>
    <td>Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File &gt; Tools &gt; Replace Text and pasting a 7000-byte payload into the text fields to cause a denial of service.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25290" target="_blank" rel="noopener">CVE-2018-25290</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45241" target="_blank" rel="noopener">ExploitDB-45241</a><br><a href="http://www.ezbsystems.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/easyboot-buffer-overflow-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: Easyboot 6.6.0 Buffer Overflow Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Pj64-Emu--Project64</td>
    <td>Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options &gt; Settings &gt; Directories interface to trigger an application crash when settings are reopened.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25291" target="_blank" rel="noopener">CVE-2018-25291</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45229" target="_blank" rel="noopener">ExploitDB-45229</a><br><a href="https://www.pj64-emu.com" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/project64-denial-of-service-via-plugin-directory" target="_blank" rel="noopener">VulnCheck Advisory: Project64 2.3.2 Denial of Service via Plugin Directory</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Bome--Restorator</td>
    <td>Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25292" target="_blank" rel="noopener">CVE-2018-25292</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45223" target="_blank" rel="noopener">ExploitDB-45223</a><br><a href="https://www.bome.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.bome.com/bome/downloads/Restorator2018_Full_1793.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/bome-restorator-1793-denial-of-service-via-buffer-overflow" target="_blank" rel="noopener">VulnCheck Advisory: Bome Restorator 1793 Denial of Service via Buffer Overflow</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Mersenne--Prime95</td>
    <td>Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25293" target="_blank" rel="noopener">CVE-2018-25293</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45226" target="_blank" rel="noopener">ExploitDB-45226</a><br><a href="http://www.mersenne.org" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/prime95-29-4b7-denial-of-service-via-proxy-password-field" target="_blank" rel="noopener">VulnCheck Advisory: Prime95 29.4b7 Denial of Service via Proxy Password Field</a></td>
    </tr>

    <tr>
    <td class="vendor-product">P10--ObserverIP Scan Tool</td>
    <td>ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25295" target="_blank" rel="noopener">CVE-2018-25295</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45204" target="_blank" rel="noopener">ExploitDB-45204</a><br><a href="https://www.ambientweather.com" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field" target="_blank" rel="noopener">VulnCheck Advisory: ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Wansview--Wansview</td>
    <td>Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.</td>
    <td>2026-04-26</td>
    <td>6.2</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25297" target="_blank" rel="noopener">CVE-2018-25297</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45194" target="_blank" rel="noopener">ExploitDB-45194</a><br><a href="https://www.vulncheck.com/advisories/wansview-denial-of-service-via-buffer-overflow" target="_blank" rel="noopener">VulnCheck Advisory: Wansview 1.0.2 Denial of Service via Buffer Overflow</a></td>
    </tr>

    <tr>
    <td class="vendor-product">94Cb--Carbon Forum</td>
    <td>Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.</td>
    <td>2026-04-22</td>
    <td>6.4</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2024-58344" target="_blank" rel="noopener">CVE-2024-58344</a></td>
    <td><a href="https://www.exploit-db.com/exploits/52043" target="_blank" rel="noopener">ExploitDB-52043</a><br><a href="https://www.94cb.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://github.com/lincanbin/Carbon-Forum" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/carbon-forum-persistent-xss-via-forum-name-field" target="_blank" rel="noopener">VulnCheck Advisory: Carbon Forum 5.9.0 Persistent XSS via Forum Name Field</a></td>
    </tr>

    <tr>
    <td class="vendor-product">GitLab--GitLab</td>
    <td>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint.</td>
    <td>2026-04-22</td>
    <td>6.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-0186" target="_blank" rel="noopener">CVE-2025-0186</a></td>
    <td><a href="https://hackerone.com/reports/2915694" target="_blank" rel="noopener">HackerOne Bug Bounty Report #2915694</a><br><a href="https://gitlab.com/gitlab-org/gitlab/-/work_items/511312" target="_blank" rel="noopener">https://gitlab.com/gitlab-org/gitlab/-/work_items/511312</a><br><a href="https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/" target="_blank" rel="noopener">https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/</a></td>
    </tr>

    <tr>
    <td class="vendor-product">GitLab--GitLab</td>
    <td>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resource allocation limits in the GraphQL API.</td>
    <td>2026-04-22</td>
    <td>6.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-3922" target="_blank" rel="noopener">CVE-2025-3922</a></td>
    <td><a href="https://hackerone.com/reports/3098035" target="_blank" rel="noopener">HackerOne Bug Bounty Report #3098035</a><br><a href="https://gitlab.com/gitlab-org/gitlab/-/work_items/537422" target="_blank" rel="noopener">https://gitlab.com/gitlab-org/gitlab/-/work_items/537422</a><br><a href="https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/" target="_blank" rel="noopener">https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Picajet--RoboImport</td>
    <td>RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25276" target="_blank" rel="noopener">CVE-2018-25276</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45382" target="_blank" rel="noopener">ExploitDB-45382</a><br><a href="http://www.picajet.com/download/RoboImportInstall.exe" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/roboimport-denial-of-service-via-registration-fields" target="_blank" rel="noopener">VulnCheck Advisory: RoboImport 1.2.0.72 Denial of Service via Registration Fields</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Infiltration-Systems--Infiltrator Network Security Scanner</td>
    <td>Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25280" target="_blank" rel="noopener">CVE-2018-25280</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45390" target="_blank" rel="noopener">ExploitDB-45390</a><br><a href="https://www.infiltration-systems.com/download.shtml" target="_blank" rel="noopener">Product Reference</a><br><a href="https://www.vulncheck.com/advisories/infiltrator-network-security-scanner-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: Infiltrator Network Security Scanner 4.6 Denial of Service</a></td>
    </tr>

    <tr>
    <td class="vendor-product">Maxprog--iCash</td>
    <td>iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25281" target="_blank" rel="noopener">CVE-2018-25281</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45388" target="_blank" rel="noopener">ExploitDB-45388</a><br><a href="https://www.vulncheck.com/advisories/icash-denial-of-service-via-connect-to-server" target="_blank" rel="noopener">VulnCheck Advisory: iCash 7.6.5 Denial of Service via Connect to Server</a><br>&nbsp;</td>
    </tr>

    <td class=3D"vendor-product">Fathom--Fathom</td>
    <td>Fathom 2.4 contains a buffer overflow vulnerability in the Authorizatio=
    n Code field that allows local attackers to crash the application by submit= ting an oversized input string. Attackers can paste a 6000-byte payload int=
    o the Authorization Code field and click Activate to trigger a denial of se= rvice condition.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2018-25285" target=3D= "_blank" rel=3D"noopener">CVE-2018-25285</a></td>

    <a href=3D"https://www.exploit-db.com/exploits/45294" target=3D"_blank" rel= =3D"noopener">ExploitDB-45294</a><br><a href=3D"https://fathom.concord.org/=
    " target=3D"_blank" rel=3D"noopener">Official Product Homepage</a><br><a hr= ef=3D"https://fathom.concord.org/download/" target=3D"_blank" rel=3D"noopen= er">Product Reference</a><br><a href=3D"https://www.vulncheck.com/advisorie= s/fathom-denial-of-service-via-authorization-code-buffer-overflow" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Fathom 2.4 Denial of Servi=
    ce via Authorization Code Buffer Overflow</a><br>=C2=A0</td>
    </tr>

    <tr>
    <td class="vendor-product">Hdtune--Drive Power Manager</td>
    <td>Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25287" target="_blank" rel="noopener">CVE-2018-25287</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45299" target="_blank" rel="noopener">ExploitDB-45299</a><br><a href="https://www.hdtune.com/" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/drive-power-manager-denial-of-service-via-name-field" target="_blank" rel="noopener">VulnCheck Advisory: Drive Power Manager 1.10 Denial of Service via Name Field</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">P10--Central Management Software</td>
    <td>P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.</td>
    <td>2026-04-26</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2018-25296" target="_blank" rel="noopener">CVE-2018-25296</a></td>
    <td><a href="https://www.exploit-db.com/exploits/45207" target="_blank" rel="noopener">ExploitDB-45207</a><br><a href="https://www.ambientweather.com" target="_blank" rel="noopener">Official Product Homepage</a><br><a href="https://www.vulncheck.com/advisories/p10-central-management-software-denial-of-service" target="_blank" rel="noopener">VulnCheck Advisory: P10 Central Management Software 1.4.13 Denial of Service</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">Fortra--GoAnywhere MFT</td>
    <td>Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 use a static IV, which allows admin users to brute-force decryption of data.</td>
    <td>2026-04-21</td>
    <td>5.8</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-1241" target="_blank" rel="noopener">CVE-2025-1241</a></td>
    <td><a href="https://fortra.com/security/advisories/product-security/FI-2026-001" target="_blank" rel="noopener">https://fortra.com/security/advisories/product-security/FI-2026-001</a><br>&nbsp;</td>
    </tr>
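    <tr>
    <td colspan="6">
    <p>Added example for the GoAnywhere entry above. This is illustrative Go written for this bulletin, not Fortra's code, and it does not claim to reproduce how GoAnywhere stores or encrypts values: the AES-256-CBC mode, the all-zero IV, the key, the stored secret and the candidate list are all constructed for the demonstration. It shows the general reason a static IV is a problem. An application that encrypts user-supplied values under the same key and IV that protect its stored secrets becomes a comparison oracle: anyone who can submit values (an admin saving settings, for example) can recover a stored secret by guessing until the ciphertexts match, without ever learning the key. The second run uses a fresh random IV per encryption, which is what breaks the comparison.</p>

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Oracle models an application that encrypts the values it stores under one
// long-term key. The attacker never sees the key: they can only submit a
// plaintext and read back the resulting ciphertext.
type Oracle struct {
	block    cipher.Block
	staticIV []byte // non-nil: every encryption reuses this IV (the flaw)
}

// NewOracle builds an AES-CBC oracle; pass staticIV=nil for a fresh random IV per call.
func NewOracle(key, staticIV []byte) *Oracle {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return &Oracle{block: b, staticIV: staticIV}
}

// pkcs7Pad pads p to a whole number of AES blocks.
func pkcs7Pad(p []byte) []byte {
	n := aes.BlockSize - len(p)%aes.BlockSize
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// Encrypt returns IV || AES-CBC(pad(plaintext)), the way a stored value would look.
func (o *Oracle) Encrypt(plaintext []byte) []byte {
	iv := o.staticIV
	if iv == nil {
		iv = make([]byte, aes.BlockSize)
		if _, err := rand.Read(iv); err != nil {
			panic(err)
		}
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(o.block, iv).CryptBlocks(ct, padded)
	return append(append([]byte{}, iv...), ct...)
}

// RecoverByDictionary is the attacker's side: encrypt each candidate through
// the oracle and compare with the stored ciphertext. With a static IV, equal
// plaintexts give equal ciphertexts, so a match identifies the stored secret
// without ever learning the key.
func RecoverByDictionary(o *Oracle, stored []byte, candidates []string) (string, bool) {
	for _, c := range candidates {
		if bytes.Equal(o.Encrypt([]byte(c)), stored) {
			return c, true
		}
	}
	return "", false
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, unknown to the attacker
	secret := []byte("Summer2024!")        // constructed stored value
	dict := []string{"password", "Welcome1", "Summer2024!", "letmein"}

	weak := NewOracle(key, make([]byte, aes.BlockSize)) // all-zero IV reused for every value
	got, ok := RecoverByDictionary(weak, weak.Encrypt(secret), dict)
	fmt.Printf("static IV: recovered=%v value=%q\n", ok, got)

	fixed := NewOracle(key, nil) // fresh random IV per encryption
	got, ok = RecoverByDictionary(fixed, fixed.Encrypt(secret), dict)
	fmt.Printf("random IV: recovered=%v value=%q\n", ok, got)
}
```

    <p>The search only recovers values the attacker can enumerate, which is what makes this a brute-force attack rather than a break of the cipher. The fix is not a different fixed IV: any IV that repeats across encryptions under one key restores the oracle, so a per-message random IV (or an authenticated mode such as AES-GCM with a never-reused nonce) is the remediation.</p>
    </td>
    </tr>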

    <tr>
    <td class="vendor-product">OpenSC--OpenSC</td>
    <td>Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or an application crash. An attack requires a crafted USB device or smart card that presents the system with specially crafted responses to APDUs.</td>
    <td>2026-04-23</td>
    <td>5.7</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-13763" target="_blank" rel="noopener">CVE-2025-13763</a></td>
    <td><a href="https://access.redhat.com/security/cve/CVE-2025-13763" target="_blank" rel="noopener">https://access.redhat.com/security/cve/CVE-2025-13763</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2417581" target="_blank" rel="noopener">RHBZ#2417581</a><br><a href="https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv" target="_blank" rel="noopener">https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv</a><br><a href="https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763" target="_blank" rel="noopener">https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">HCLSoftware--BigFix Service Management (SM)</td>
    <td>HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption: port 80 (HTTP) is open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data.</td>
    <td>2026-04-21</td>
    <td>5.3</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-31981" target="_blank" rel="noopener">CVE-2025-31981</a></td>
    <td><a href="https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605" target="_blank" rel="noopener">https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">IBM--Security Verify Directory (Container)</td>
    <td>IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 could be vulnerable to malicious file upload because it does not validate the file type. A privileged user could upload malicious files into the system that can then be sent to victims to perform further attacks against the system.</td>
    <td>2026-04-22</td>
    <td>5.5</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-36074" target="_blank" rel="noopener">CVE-2025-36074</a></td>
    <td><a href="https://www.ibm.com/support/pages/node/7268907" target="_blank" rel="noopener">https://www.ibm.com/support/pages/node/7268907</a><br>&nbsp;</td>
    </tr>

    <td class=3D"vendor-product">hubspotdev--HubSpot All-In-One Marketing Forms=
    , Popups, Live Chat</td>
    <td>The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for = WordPress is vulnerable to Sensitive Information Exposure in all versions u=
    p to, and including, 11.3.32 via the leadin/public/admin/class-adminconstan= ts.php file. This makes it possible for authenticated attackers, with Contr= ibutor-level access and above, to extract a list of all installed plugins a=
    nd their versions which can be leveraged for reconnaissance and further att= acks.</td>
    <td>2026-04-24</td>
    <td>4.3</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11762" target=3D= "_blank" rel=3D"noopener">CVE-2025-11762</a></td>

    <a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8c62= e6-f459-433a-b0c4-c79285ea7fe9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8c62e6-f45= 9-433a-b0c4-c79285ea7fe9?source=3Dcve</a><br><a href=3D"https://research.cl= eantalk.org/CVE-2025-11762" target=3D"_blank" rel=3D"noopener">https://rese= arch.cleantalk.org/CVE-2025-11762</a><br><a href=3D"https://plugins.trac.wo= rdpress.org/browser/leadin/tags/11.3.33/public/admin/class-adminconstants.p= hp" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/b= rowser/leadin/tags/11.3.33/public/admin/class-adminconstants.php</a><br>=C2= =A0</td>
    </tr>
    </tbody>
    </table>
    <p><a href=3D"#top">Back to top</a></p>
    </div>
    <div id=3D"low_v">
    <h2 id=3D"low_v_title">Low Vulnerabilities</h2>
    <table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"Low Vulnerabilities" align=3D"center">
    <thead>

    <th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
    <span class=3D"primary-vendor">Primary</span><br><span class=3D"primary-ven= dor">Vendor</span> -- Product</th>
    <th style=3D"width: 44%;" scope=3D"col">Description</th>
    <th style=3D"width: 10%;" scope=3D"col">Published</th>
    <th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
    <th style=3D"width: 7%;" scope=3D"col">Source Info</th>
    <th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
    </tr>
    </thead>
    <tbody>

    <tr>
    <td class="vendor-product">HCLSoftware--BigFix Service Management (SM)</td>
    <td>HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks such as cache poisoning or request hijacking.</td>
    <td>2026-04-21</td>
    <td>3.7</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-31958" target="_blank" rel="noopener">CVE-2025-31958</a></td>
    <td><a href="https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209" target="_blank" rel="noopener">https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209</a><br>&nbsp;</td>
    </tr>
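    <tr>
    <td colspan="6">
    <p>Added example for the request-smuggling entry above. This is illustrative Go written for this bulletin; it is not HCL's code and says nothing about how BigFix Service Management actually parses requests. It shows the parser disagreement the description refers to. A minimal HTTP/1.1 request splitter frames one constructed byte stream (not captured traffic) under three policies: a parser that honours Content-Length sees a single POST whose body happens to contain a second request; a parser that honours Transfer-Encoding: chunked ends the POST body at the 0-chunk and then sees a smuggled GET /admin as a separate request; a parser that rejects requests carrying both headers, as RFC 9112 section 6.3 allows, refuses the stream. The request line, host and paths are assumptions for the demo.</p>

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Framing says which length header wins when Content-Length and chunked both appear.
type Framing int

const (
	HonorContentLength Framing = iota // lenient front-end in a CL.TE chain
	HonorChunked                      // back-end in a CL.TE chain
	RejectAmbiguous                   // RFC 9112 s.6.3: both present is an error
)

// ParseStream splits a raw connection stream into requests under policy f and
// returns their request lines, in the order this parser would see them.
func ParseStream(stream []byte, f Framing) ([]string, error) {
	var reqs []string
	for len(bytes.TrimSpace(stream)) > 0 {
		sep := bytes.Index(stream, []byte("\r\n\r\n"))
		if sep < 0 {
			return reqs, errors.New("incomplete request head")
		}
		lines := strings.Split(string(stream[:sep]), "\r\n")
		hdr := map[string]string{}
		for _, h := range lines[1:] {
			k, v, _ := strings.Cut(h, ":")
			hdr[strings.ToLower(strings.TrimSpace(k))] = strings.TrimSpace(v)
		}
		rest := stream[sep+4:]
		clValue, hasCL := hdr["content-length"]
		chunked := strings.EqualFold(hdr["transfer-encoding"], "chunked")
		used := 0 // body bytes this parser attributes to the current request
		switch {
		case hasCL && chunked && f == RejectAmbiguous:
			return reqs, errors.New("ambiguous framing: both Content-Length and Transfer-Encoding present")
		case chunked && (f == HonorChunked || !hasCL):
			n, err := chunkedLen(rest)
			if err != nil {
				return reqs, err
			}
			used = n
		case hasCL:
			cl, err := strconv.Atoi(clValue)
			if err != nil || cl < 0 || cl > len(rest) {
				return reqs, errors.New("bad Content-Length")
			}
			used = cl
		}
		reqs = append(reqs, lines[0])
		stream = rest[used:]
	}
	return reqs, nil
}

// chunkedLen walks a chunked body (no trailers) and returns the raw bytes it occupies.
func chunkedLen(b []byte) (int, error) {
	for pos := 0; ; {
		eol := bytes.Index(b[pos:], []byte("\r\n"))
		if eol < 0 {
			return 0, errors.New("malformed chunked body")
		}
		size, err := strconv.ParseInt(string(b[pos:pos+eol]), 16, 32)
		pos += eol + 2
		end := pos + int(size)
		if err != nil || size < 0 || end+2 > len(b) || string(b[end:end+2]) != "\r\n" {
			return 0, errors.New("malformed chunked body")
		}
		if size == 0 { // last chunk; the CRLF just checked ends the body
			return end + 2, nil
		}
		pos = end + 2
	}
}

// Smuggled is a constructed CL.TE request, not captured traffic: Content-Length
// covers a body that, read as chunked, ends at once and leaves a second request.
func Smuggled() []byte {
	body := "0\r\n\r\nGET /admin HTTP/1.1\r\nHost: app.internal\r\n\r\n"
	head := "POST /search HTTP/1.1\r\nHost: app.internal\r\nContent-Length: " +
		strconv.Itoa(len(body)) + "\r\nTransfer-Encoding: chunked\r\n\r\n"
	return []byte(head + body)
}

func main() {
	for _, f := range []Framing{HonorContentLength, HonorChunked, RejectAmbiguous} {
		reqs, err := ParseStream(Smuggled(), f)
		fmt.Printf("policy %d sees %d request(s): %q err=%v\n", f, len(reqs), reqs, err)
	}
}
```

    <p>The front-end policy forwards the whole stream as one request, so any access control it applies to the path /search never sees /admin; the back-end policy then processes /admin as an independent request, which is the "bypass security controls" outcome the description names. Making every hop agree on framing, or rejecting the ambiguous request outright as the third policy does, removes the disagreement the attack depends on.</p>
    </td>
    </tr>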
    </tbody>
    </table>
    <p><a href=3D"#top">Back to top</a></p>
    </div>
    <div id=3D"snya_v">
    <h2 id=3D"snya_v_title">Severity Not Yet Assigned</h2>
    <table id=3D"table_severity_not_yet_assigned" class=3D"table no-tablesaw" s= tyle=3D"table-layout: fixed; width: 100%;" border=3D"1" summary=3D"Severity=
    Not Yet Assigned" align=3D"center">
    <thead>

    <th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
    <span class=3D"primary-vendor">Primary</span><br><span class=3D"primary-ven= dor">Vendor</span> -- Product</th>
    <th style=3D"width: 44%;" scope=3D"col">Description</th>
    <th style=3D"width: 10%;" scope=3D"col">Published</th>
    <th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
    <th style=3D"width: 7%;" scope=3D"col">Source Info</th>
    <th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
    </tr>
    </thead>
    <tbody>

    <tr>
    <td class="vendor-product">NWCLARK--Storable</td>
    <td>Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name in a signed integer but, in read operations, treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2017-20230" target="_blank" rel="noopener">CVE-2017-20230</a></td>
    <td><a href="https://github.com/Perl/perl5/issues/15831" target="_blank" rel="noopener">https://github.com/Perl/perl5/issues/15831</a><br><a href="https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch" target="_blank" rel="noopener">https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch</a><br><a href="https://metacpan.org/release/RURBAN/Storable-3.05/changes" target="_blank" rel="noopener">https://metacpan.org/release/RURBAN/Storable-3.05/changes</a><br><a href="https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html" target="_blank" rel="noopener">https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html</a><br><a href="https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html" target="_blank" rel="noopener">https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html</a><br>&nbsp;</td>
    </tr>

    <td class=3D"vendor-product">Seeyon Internet Software--A8-V5 Collaborative = Management Software</td>
    <td>Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerabi= lity in the /seeyon/htmlofficeservlet endpoint that allows remote attackers=
    to write arbitrary files to the web application root by sending specially = crafted POST requests with custom base64-encoded payloads. Attackers can wr= ite JSP webshells to the web root and execute them through the web server t=
    o achieve arbitrary OS command execution with web server privileges.=C2=A0E= xploitation evidence was first observed by the Shadowserver Foundation on 2= 021-03-26 (UTC).</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25714" target=3D= "_blank" rel=3D"noopener">CVE-2019-25714</a></td>

    <a href=3D"https://sourceforge.net/software/product/A8/" target=3D"_blank" = rel=3D"noopener">https://sourceforge.net/software/product/A8/</a><br><a hre= f=3D"https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/= seeyon-htmlofficeservlet-getshell/" target=3D"_blank" rel=3D"noopener">http= s://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-ht= mlofficeservlet-getshell/</a><br><a href=3D"https://wiki.96.mk/Web%E5%AE%89= %E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeser= vlet%20getshell%20%E6%BC%8F%E6%B4%9E/" target=3D"_blank" rel=3D"noopener">h= ttps://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%B= F%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/</a><br>=
    <a href=3D"https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/= pdf/90916/Security_Notification_reseller_en-US.pdf" target=3D"_blank" rel= =3D"noopener">https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/downlo= ad/pdf/90916/Security_Notification_reseller_en-US.pdf</a><br><a href=3D"htt= ps://www.broadcom.com/support/security-center/attacksignatures/detail?asid= =3D31713" target=3D"_blank" rel=3D"noopener">https://www.broadcom.com/suppo= rt/security-center/attacksignatures/detail?asid=3D31713</a><br><a href=3D"h= ttps://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htm= lofficeservlet-arbitrary-file-upload" target=3D"_blank" rel=3D"noopener">ht= tps://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-html= officeservlet-arbitrary-file-upload</a><br><a href=3D"https://www.vulncheck= .com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file= -write-via-htmlofficeservlet" target=3D"_blank" rel=3D"noopener">https://ww= w.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arb= itrary-file-write-via-htmlofficeservlet</a><br>=C2=A0</td>
    </tr>

    <tr>
    <td class="vendor-product">Unknown--Email Encoder</td>
    <td>The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).</td>
    <td>2026-04-20</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2024-7083" target="_blank" rel="noopener">CVE-2024-7083</a></td>
    <td><a href="https://wpscan.com/vulnerability/7aeb6891-e159-4ed8-b1a9-a551140c9fcc/" target="_blank" rel="noopener">https://wpscan.com/vulnerability/7aeb6891-e159-4ed8-b1a9-a551140c9fcc/</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">Semantic MediaWiki--Semantic MediaWiki</td>
    <td>Reflected Cross-Site Scripting (XSS) vulnerability in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL that abuses a parameter of the '/index.php/Speciaal:GefacetteerdZoeken' endpoint. It can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-10354" target="_blank" rel="noopener">CVE-2025-10354</a></td>
    <td><a href="https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki" target="_blank" rel="noopener">https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki</a><br>&nbsp;</td>
    </tr>

    <td class=3D"vendor-product">EfficientLab, LLC--Controlio</td>
    <td>EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerab= ility caused by weak folder permissions in the installation directory. A lo= cal attacker can place a specially crafted DLL in this directory and achiev=
    e arbitrary code execution with highest privileges, because the affected se= rvice runs as NT AUTHORITY\SYSTEM.</td>
    <td>2026-04-23</td>
    <td>not yet calculated</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10549" target=3D= "_blank" rel=3D"noopener">CVE-2025-10549</a></td>

    <a href=3D"https://r.sec-consult.com/controlio" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/controlio</a><br><a href=3D"https://kb.co= ntrolio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ve= r-1-3-95" target=3D"_blank" rel=3D"noopener">https://kb.controlio.net/hc/en= -us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95</a><br>= =C2=A0</td>
    </tr>

    <td class=3D"vendor-product">Fudo Security--Fudo Enterprise</td>
    <td>Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privile= ged users to access certain administrator-only resources via improperly pro= tected API endpoints. This includes sensitive information such as system lo=
    gs and parts of system configuration settings. This vulnerability has been = fixed in version 5.6.3</td>
    <td>2026-04-20</td>
    <td>not yet calculated</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13480" target=3D= "_blank" rel=3D"noopener">CVE-2025-13480</a></td>

    <a href=3D"https://www.fudosecurity.com/product/enterprise" target=3D"_blan=
    k" rel=3D"noopener">https://www.fudosecurity.com/product/enterprise</a><br>=
    <a href=3D"https://cert.pl/en/posts/2026/04/CVE-2025-13480" target=3D"_blan=
    k" rel=3D"noopener">https://cert.pl/en/posts/2026/04/CVE-2025-13480</a><br>=
    <a href=3D"https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5= .6.3.pdf" target=3D"_blank" rel=3D"noopener">https://download.fudosecurity.= com/documentation/fudo/5_6/rn/RN_5.6.3.pdf</a><br>=C2=A0</td>
    </tr>

    <tr>
    <td class="vendor-product">Zervit--portable HTTP/Web server</td>
    <td>Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit it by sending malicious requests; if exploitation succeeds, the application stops responding, resulting in a DoS condition. The application can be restarted manually.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-13826" target="_blank" rel="noopener">CVE-2025-13826</a></td>
    <td><a href="https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server" target="_blank" rel="noopener">https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">ATRODO--Net::Dropbear</td>
    <td>Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include Dropbear 2019.78 or earlier, which bundles libtomcrypt v1.18.1 or earlier; those libtomcrypt versions are affected by CVE-2016-6129 and CVE-2018-12437.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15638" target="_blank" rel="noopener">CVE-2025-15638</a></td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2016-6129" target="_blank" rel="noopener">https://www.cve.org/CVERecord?id=CVE-2016-6129</a><br><a href="https://www.cve.org/CVERecord?id=CVE-2018-12437" target="_blank" rel="noopener">https://www.cve.org/CVERecord?id=CVE-2018-12437</a><br><a href="https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes" target="_blank" rel="noopener">https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes</a><br>&nbsp;</td>
    </tr>

    <tr>
    <td class="vendor-product">PHP Point Of Sale--PHP Point Of Sale</td>
    <td>HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser, due to a lack of proper validation of user input, by sending a request to '/reports/generate/specific_customer' using the 'start_date_formatted' and 'end_date_formatted' parameters.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href="https://www.cve.org/CVERecord?id=CVE-2025-41011" target="_blank" rel="noopener">CVE-2025-41011</a></td>
    <td><a href="https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0" target="_blank" rel="noopener">https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0</a><br>&nbsp;</td>
    </tr>

    <td class=3D"vendor-product">Zeon Global Tech--Zeon Academy Pro</td>
    <td>SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. Th=
    is vulnerability allows an attacker to retrieve, create, update, and delete=
    databases by sending a POST request using the parameter 'phonenumber' in '= /private/continue-upload.php'.</td>
    <td>2026-04-21</td>
    <td>not yet calculated</td>
    <td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41029" target=3D= "_blank" rel=3D"noopener">CVE-2025-41029</a></td>

    <a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection= -zeon-academy-pro-zeon-global-tech" target=3D"_blank" rel=3D"noopener">http= s://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-p= ro-zeon-global-tech</a><br>=C2=A0</td>
    </tr>
    </tbody>
    </table>
    <p><a href=3D"#top">Back to top</a></p>
    </div>
    </div>
    </div>
    <style>body {
    font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
    l; font-style: normal; color: #333333;
    }
    </style>


    <div id=3D"mail_footer">
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; colo=
    r: #757575;">Having trouble viewing this message?=C2=A0</span><a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/414c304" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a><span style=3D"font-size: 10.0pt; color: #757575;= "></span></p>
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">You are subscribed to updates from the </span><a href=3D"https://w= ww.cisa.gov"><span style=3D"font-size: 10.0pt;">Cybersecurity and Infrastru= cture Security Agency</span></a><span style=3D"font-size: 10.0pt; color: #7= 57575;"> (CISA)<br></span><a href=3D"https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener"><span style=3D"font-size: 10.0pt; color: #00568c;">Manage Sub= scriptions</span></a>=C2=A0=C2=A0<span style=3D"font-size: 10.0pt; color: #= 757575;">|=C2=A0=C2=A0</span><a href=3D"https://www.cisa.gov/privacy-policy=
    " target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; colo=
    r: #00568c;">Privacy Policy</span></a><span style=3D"font-size: 10.0pt; col= or: #757575;">=C2=A0=C2=A0|=C2=A0 <a href=3D"https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a></span><span style= =3D"font-size: 10.0pt; color: #757575;"></span></p>
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">Connect with CISA: <br></span><a href=3D"https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; = color: #00568c;">Facebook</span></a><span style=3D"font-size: 10.0pt; color=
    : #757575;">=C2=A0 |=C2=A0 </span><a href=3D"https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: = #00568c;">Twitter</span></a><span style=3D"font-size: 10.0pt; color: #75757= 5;">=C2=A0 |=C2=A0 </span><a href=3D"https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: #0056= 8c;">Instagram</span></a><span style=3D"font-size: 10.0pt; color: #757575;"= >=C2=A0 |=C2=A0 </span><a href=3D"https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= "><span style=3D"font-size: 10.0pt; color: #00568c;">LinkedIn</span></a><sp=
    an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self"><span style=3D"font-size: 10.0pt; color: #00568c;">YouTube</spa= n></a><span style=3D"font-size: 10.0pt; color: #757575;"></span></p>

    </div>
    <div id=3D"tagline">
    <hr>
    <table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=

    <tbody>

    <td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
    <td align=3D"right" width=3D"11%"><a href=3D"https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
    " width=3D"115"></a></td>
    </tr>
    </tbody>
    </table>
    <style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
    img {margin-left:0px; margin-right:0px;}</style>

    </div>
    </td>
    </tr>
    </table>

    </body>
    </html>

    --===============7202057243258474346==--

    --===============3056810512375672517==--