
Vulnerability Summary for the Week of April 20, 2026

Source: CISA ICS-CERT Advisories

Summary

CISA released bulletin SB26-117 summarizing 50+ new vulnerabilities recorded during the week of April 20, 2026. The bulletin lists vulnerabilities organized by severity: 11 High (CVSS 7.0-10.0), 33 Medium (CVSS 4.0-6.9), 1 Low (CVSS 0.0-3.9), and 10 with severity not yet assigned. Two critical vulnerabilities, ThinkPHP 5.0.23 (CVE-2018-25270) and ELBA5 5.8.0 (CVE-2018-25272), both scored CVSS 9.8 for remote code execution. The bulletin compiles information from external open-source sources and is not a direct result of CISA analysis. Patch information is provided where available.

Published by CISA on cisa.gov. Detected, standardized, and enriched by GovPing.

About this source

CISA's Industrial Control Systems team publishes vulnerability advisories specifically for OT, ICS, SCADA, and critical infrastructure software: Siemens, Schneider Electric, Rockwell Automation, ABB, Honeywell, Emerson, GE Digital, plus the supporting protocols. Around 65 advisories a month, each with a CVSS score, affected products, mitigation guidance, and where applicable a Known Exploited Vulnerabilities Catalog entry. ICS advisories are higher-stakes than general IT vulns: a CVSS 7 in a PLC firmware can mean physical safety risk in a factory or grid asset. Watch this if you secure industrial networks, run a SOC for a manufacturer, or advise critical infrastructure operators. GovPing publishes each advisory with the affected vendor, CVSS, and CISA link.

What changed

CISA published its weekly vulnerability bulletin summarizing new CVEs recorded April 20-27, 2026. The bulletin organizes 50+ vulnerabilities into severity tiers: High (CVSS 7.0-10.0, 11 entries), Medium (CVSS 4.0-6.9, 33 entries), Low (CVSS 0.0-3.9, 1 entry), and unassigned (10 entries). Two critical flaws, ThinkPHP 5.0.23 remote code execution and ELBA5 database credential retrieval, both carry CVSS 9.8 scores. Affected software includes security tools (GoAnywhere MFT, GitLab), network utilities (Angry IP Scanner, Nmap/ZenMap), and enterprise software (HCL BigFix, IBM Security Verify). Organizations using these products should review patch information and apply available updates. Note that some vulnerability information is compiled from external open-source reports and does not represent direct CISA analysis.

Archived snapshot

Apr 28, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Vulnerability Summary for the Week of April 20, 2026

Released: Apr 27, 2026
Document ID: SB26-117

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Vulnerability Severity:

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| Thinkphp--ThinkPHP | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. | 2026-04-22 | 9.8 | CVE-2018-25270 | ExploitDB-45978; Official Product Homepage; Product Reference; VulnCheck Advisory: ThinkPHP 5.0.23 Remote Code Execution via invokefunction |
| Elba--ELBA5 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table. | 2026-04-22 | 9.8 | CVE-2018-25272 | ExploitDB-45905; Official Product Homepage; VulnCheck Advisory: ELBA5 5.8.0 Remote Code Execution via Database Access |
| Lizardsystems--Terminal Services Manager | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard. | 2026-04-22 | 8.4 | CVE-2018-25259 | ExploitDB-46058; Official Product Homepage; VulnCheck Advisory: Terminal Services Manager 3.1 Buffer Overflow SEH |
| Magix--MAGIX Music Editor | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted. | 2026-04-22 | 8.4 | CVE-2018-25260 | ExploitDB-46056; Official Product Homepage; Product Reference; VulnCheck Advisory: MAGIX Music Editor 3.1 Buffer Overflow via SEH |
| Iperiusbackup--Iperius Backup | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges. | 2026-04-22 | 8.4 | CVE-2018-25261 | ExploitDB-46059; Official Product Homepage; VulnCheck Advisory: Iperius Backup 5.8.1 Local Buffer Overflow SEH |
| faleemi--Faleemi Desktop Software | Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution. | 2026-04-26 | 8.4 | CVE-2018-25263 | ExploitDB-45492; Product Reference; VulnCheck Advisory: Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH |
| Lizardsystems--LanSpy | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps. | 2026-04-22 | 8.4 | CVE-2018-25265 | ExploitDB-46018; Official Product Homepage; VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow |
| Lizardsystems--LanSpy | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution. | 2026-04-22 | 8.4 | CVE-2018-25268 | ExploitDB-45968; Official Product Homepage; VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field |
| Securimport--iSmartViewPro | iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges. | 2026-04-26 | 8.4 | CVE-2018-25283 | ExploitDB-45349; Product Reference; VulnCheck Advisory: iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter |
| Cewe-Photoworld--CEWE Photoshow | CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition. | 2026-04-26 | 7.5 | CVE-2018-25294 | ExploitDB-45211; Official Product Homepage; Product Reference; VulnCheck Advisory: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service |
| Fortra--GoAnywhere MFT | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force. | 2026-04-21 | 7.3 | CVE-2025-14362 | https://fortra.com/security/advisories/product-security/FI-2026-002 |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| Angryip--Angry IP Scanner for Linux | Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash. | 2026-04-22 | 6.2 | CVE-2018-25262 | ExploitDB-46038; Official Product Homepage; VulnCheck Advisory: Angry IP Scanner for Linux 3.5.3 Denial of Service |
| Acutesystems--TransMac | TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition. | 2026-04-26 | 6.2 | CVE-2018-25264 | ExploitDB-45493; VulnCheck Advisory: TransMac 12.2 Denial of Service via License Key Field |
| Angryip--Angry IP Scanner | Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable value field in the display preferences to trigger a denial of service. | 2026-04-22 | 6.2 | CVE-2018-25266 | ExploitDB-45993; Official Product Homepage; VulnCheck Advisory: Angry IP Scanner 3.5.3 Denial of Service via Preferences Buffer Overflow |
| Ultraiso--UltraISO | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite values and paste it into the Output FileName field to trigger a denial of service crash. | 2026-04-22 | 6.2 | CVE-2018-25267 | ExploitDB-45996; Official Product Homepage; VulnCheck Advisory: UltraISO 9.7.1.3519 Buffer Overflow via Output FileName |
| icewarp--ICEWARP Client | ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information. | 2026-04-22 | 6.1 | CVE-2018-25269 | ExploitDB-45974; Official Product Homepage; VulnCheck Advisory: ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection |
| Textpad--Textpad | Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application. | 2026-04-22 | 6.2 | CVE-2018-25271 | ExploitDB-45956; Official Product Homepage; Product Reference; VulnCheck Advisory: Textpad 8.1.2 Denial of Service via Run Command |
| Acutesystems--CrossFont | CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input. | 2026-04-26 | 6.2 | CVE-2018-25273 | ExploitDB-45494; VulnCheck Advisory: CrossFont 7.5 Denial of Service via License Key Field |
| infrarecorder--InfraRecorder | InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash. | 2026-04-26 | 6.2 | CVE-2018-25274 | ExploitDB-45413; VulnCheck Advisory: InfraRecorder 0.53 Denial of Service via txt File Import |
| faleemi--Faleemi Plus | Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash. | 2026-04-26 | 6.2 | CVE-2018-25275 | ExploitDB-45414; Product Reference; VulnCheck Advisory: Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow |
| Br-Software--PixGPS | PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition. | 2026-04-26 | 6.2 | CVE-2018-25277 | ExploitDB-45381; Product Reference; VulnCheck Advisory: PixGPS 1.1.8 Buffer Overflow Denial of Service |
| Picajet--PicaJet FX | PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash. | 2026-04-26 | 6.2 | CVE-2018-25278 | ExploitDB-45383; VulnCheck Advisory: PicaJet FX 2.6.5 Denial of Service via Registration Fields |
| Convertimagetotext--jiNa OCR Image to Text | jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF. | 2026-04-26 | 6.2 | CVE-2018-25279 | ExploitDB-45380; Product Reference; VulnCheck Advisory: jiNa OCR Image to Text 1.0 Denial of Service via PNG |
| ZenMap--ZenMap | Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash. | 2026-04-26 | 6.2 | CVE-2018-25282 | ExploitDB-45357; Product Reference; VulnCheck Advisory: Nmap 7.70 Denial of Service via XML Entity Expansion |
| Hdtune--HD Tune Pro | HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File > Options > Save dialog's folder/file name input field. | 2026-04-26 | 6.2 | CVE-2018-25284 | ExploitDB-45298; Official Product Homepage; Product Reference; VulnCheck Advisory: HD Tune Pro 5.70 Denial of Service via Options Dialog |
| Hdtune--Easy PhotoResQ | Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition. | 2026-04-26 | 6.2 | CVE-2018-25286 | ExploitDB-45300; Official Product Homepage; VulnCheck Advisory: Easy PhotoResQ 1.0 Buffer Overflow Denial of Service |
| Editorsoftware--StyleWriter | StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition. | 2026-04-26 | 6.2 | CVE-2018-25288 | ExploitDB-45250; Official Product Homepage; Product Reference; VulnCheck Advisory: StyleWriter 1.0 Denial of Service via Pattern Input |
| Ezbsystems--Softdisk | Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service. | 2026-04-26 | 6.2 | CVE-2018-25289 | ExploitDB-45245; Official Product Homepage; Product Reference; VulnCheck Advisory: Softdisk 3.0.3 Buffer Overflow Denial of Service |
| Ezbsystems--Easyboot | Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File > Tools > Replace Text and pasting a 7000-byte payload into the text fields to cause a denial of service. | 2026-04-26 | 6.2 | CVE-2018-25290 | ExploitDB-45241; Official Product Homepage; VulnCheck Advisory: Easyboot 6.6.0 Buffer Overflow Denial of Service |
| Pj64-Emu--Project64 | Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened. | 2026-04-26 | 6.2 | CVE-2018-25291 | ExploitDB-45229; Official Product Homepage; VulnCheck Advisory: Project64 2.3.2 Denial of Service via Plugin Directory |
| Bome--Restorator | Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service. | 2026-04-26 | 6.2 | CVE-2018-25292 | ExploitDB-45223; Official Product Homepage; Product Reference; VulnCheck Advisory: Bome Restorator 1793 Denial of Service via Buffer Overflow |
| Mersenne--Prime95 | Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings. | 2026-04-26 | 6.2 | CVE-2018-25293 | ExploitDB-45226; Official Product Homepage; Product Reference; VulnCheck Advisory: Prime95 29.4b7 Denial of Service via Proxy Password Field |
| P10--ObserverIP Scan Tool | ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash. | 2026-04-26 | 6.2 | CVE-2018-25295 | ExploitDB-45204; Official Product Homepage; Product Reference; VulnCheck Advisory: ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field |
| Wansview--Wansview | Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes. | 2026-04-26 | 6.2 | CVE-2018-25297 | ExploitDB-45194; VulnCheck Advisory: Wansview 1.0.2 Denial of Service via Buffer Overflow |
| 94Cb--Carbon Forum | Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft. | 2026-04-22 | 6.4 | CVE-2024-58344 | ExploitDB-52043; Official Product Homepage; Product Reference; VulnCheck Advisory: Carbon Forum 5.9.0 Persistent XSS via Forum Name Field |
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint. | 2026-04-22 | 6.5 | CVE-2025-0186 | HackerOne Bug Bounty Report #2915694; https://gitlab.com/gitlab-org/gitlab/-/work_items/511312; https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/ |
| GitLab--GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resource allocation limits in the GraphQL API. | 2026-04-22 | 6.5 | CVE-2025-3922 | HackerOne Bug Bounty Report #3098035; https://gitlab.com/gitlab-org/gitlab/-/work_items/537422; https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/ |
| Picajet--RoboImport | RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash. | 2026-04-26 | 5.5 | CVE-2018-25276 | ExploitDB-45382; Product Reference; VulnCheck Advisory: RoboImport 1.2.0.72 Denial of Service via Registration Fields |
| Infiltration-Systems--Infiltrator Network Security Scanner | Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked. | 2026-04-26 | 5.5 | CVE-2018-25280 | ExploitDB-45390; Product Reference; VulnCheck Advisory: Infiltrator Network Security Scanner 4.6 Denial of Service |
| Maxprog--iCash | iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash. | 2026-04-26 | 5.5 | CVE-2018-25281 | ExploitDB-45388; VulnCheck Advisory: iCash 7.6.5 Denial of Service via Connect to Server |
| Fathom--Fathom | Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition. | 2026-04-26 | 5.5 | CVE-2018-25285 | ExploitDB-45294; Official Product Homepage; Product Reference; VulnCheck Advisory: Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow |
| Hdtune--Drive Power Manager | Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition. | 2026-04-26 | 5.5 | CVE-2018-25287 | ExploitDB-45299; Official Product Homepage; VulnCheck Advisory: Drive Power Manager 1.10 Denial of Service via Name Field |
| P10--Central Management Software | P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service. | 2026-04-26 | 5.5 | CVE-2018-25296 | ExploitDB-45207; Official Product Homepage; VulnCheck Advisory: P10 Central Management Software 1.4.13 Denial of Service |
| Fortra--GoAnywhere MFT | Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data. | 2026-04-21 | 5.8 | CVE-2025-1241 | https://fortra.com/security/advisories/product-security/FI-2026-001 |
| OpenSC--OpenSC | Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. | 2026-04-23 | 5.7 | CVE-2025-13763 | https://access.redhat.com/security/cve/CVE-2025-13763; RHBZ#2417581; https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv; https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763 |
| HCLSoftware--BigFix Service Management (SM) | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | 2026-04-21 | 5.3 | CVE-2025-31981 | https://support.hcl-software.com/csm?id=kbarticle&sysparmarticle=KB0127605 |
| IBM--Security Verify Directory (Container) | IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system. | 2026-04-22 | 5.5 | CVE-2025-36074 | https://www.ibm.com/support/pages/node/7268907 |
| hubspotdev--HubSpot All-In-One Marketing Forms, Popups, Live Chat | The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract a list of all installed plugins and their versions which can be leveraged for reconnaissance and further attacks. | 2026-04-24 | 4.3 | CVE-2025-11762 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8c62e6-f459-433a-b0c4-c79285ea7fe9?source=cve; https://research.cleantalk.org/CVE-2025-11762; https://plugins.trac.wordpress.org/browser/leadin/tags/11.3.33/public/admin/class-adminconstants.php |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| HCLSoftware--BigFix Service Management (SM) | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking. | 2026-04-21 | 3.7 | CVE-2025-31958 | https://support.hcl-software.com/csm?id=kbarticle&sysparmarticle=KB0124209 |

Severity Not Yet Assigned

| Primary
Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| NWCLARK--Storable | Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow. | 2026-04-21 | not yet calculated | CVE-2017-20230 | https://github.com/Perl/perl5/issues/15831
https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
https://metacpan.org/release/RURBAN/Storable-3.05/changes
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html |
| Seeyon Internet Software--A8-V5 Collaborative Management Software | Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC). | 2026-04-21 | not yet calculated | CVE-2019-25714 | https://sourceforge.net/software/product/A8/ https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/ https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/ https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/SecurityNotificationreseller_en-US.pdf https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713 https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet |
| Unknown--Email Encoder | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2026-04-20 | not yet calculated | CVE-2024-7083 | https://wpscan.com/vulnerability/7aeb6891-e159-4ed8-b1a9-a551140c9fcc/ |
| Semantic MediaWiki--Semantic MediaWiki | Reflected Cross-Site Scripting (XSS) vulnerability in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL that targets a parameter of the '/index.php/Speciaal:GefacetteerdZoeken' endpoint. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | 2026-04-21 | not yet calculated | CVE-2025-10354 | https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki |
| EfficientLab, LLC--Controlio | EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM. | 2026-04-23 | not yet calculated | CVE-2025-10549 | https://r.sec-consult.com/controlio https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95 |
| Fudo Security--Fudo Enterprise | Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3. | 2026-04-20 | not yet calculated | CVE-2025-13480 | https://www.fudosecurity.com/product/enterprise https://cert.pl/en/posts/2026/04/CVE-2025-13480 https://download.fudosecurity.com/documentation/fudo/56/rn/RN5.6.3.pdf |
| Zervit--portable HTTP/Web server | Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfully exploited, the application can be made to stop responding, resulting in a DoS condition. It is possible to manually restart the application. | 2026-04-21 | not yet calculated | CVE-2025-13826 | https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server |
| ATRODO--Net::Dropbear | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which are affected by CVE-2016-6129 and CVE-2018-12437. | 2026-04-21 | not yet calculated | CVE-2025-15638 | https://www.cve.org/CVERecord?id=CVE-2016-6129 https://www.cve.org/CVERecord?id=CVE-2018-12437 https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes |
| PHP Point Of Sale--PHP Point Of Sale | HTML injection vulnerability in PHP Point of Sale v19.4. Due to a lack of proper validation of user input, this vulnerability allows an attacker to render HTML in the victim's browser by sending a request to '/reports/generate/specific_customer' using the 'start_date_formatted' and 'end_date_formatted' parameters. | 2026-04-21 | not yet calculated | CVE-2025-41011 | https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0 |
| Zeon Global Tech--Zeon Academy Pro | SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'. | 2026-04-21 | not yet calculated | CVE-2025-41029 | https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech |

Classification

Agency
CISA
Published
April 27th, 2026
Instrument
Notice
Branch
Executive
Legal weight
Non-binding
Stage
Draft
Change scope
Minor
