6.9
CVE-2018-25274 - InfraRecorder 0.53 Denial of Service via txt File Import
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an applicaโฆ
6.9
CVE-2018-25273 - CrossFont 7.5 Denial of Service via License Key Field
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an aโฆ
6.9
CVE-2018-25264 - TransMac 12.2 Denial of Service via License Key Field
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a deniaโฆ
8.6
CVE-2018-25263 - Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log intโฆ
5.3
CVE-2026-7043 - GreenCMS index.php pluginAddLocal unrestricted upload
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Thisโฆ
6.9
CVE-2026-7042 - 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publisheโฆ
6.3
CVE-2026-7041 - 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack remโฆ
8.5
CVE-2026-7039 - tufantunc ssh-mcp index.ts shell.write command injection
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed puโฆ
4.8
CVE-2026-7038 - tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made avaiโฆ
9.3
CVE-2026-7037 - Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotelโฆ