Security Vulnerabilities
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled (which is the default when not explicitly configured), xrdp accepts a client-supplied AlternateShell value and executes it via /bin/sh -c during session initialization. This results in shell-interpreted execution of unsanitized, user-controlled input. This behavior effectively provides a scriptable remote command execution primitive over RDP within the security context of the authenticated user, occurring prior to normal window manager startup. This can bypass expected session initialization flows and operational assumptions that restrict execution to interactive desktop environments. This issue has been fixed in version 0.10.6.
CVSS Score
6.3
EPSS Score
0.001
Published
2026-04-17
xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-04-17
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.
CVSS Score
9.4
EPSS Score
0.001
Published
2026-04-17
Anviz CrossChex Standard
lacks source verification in the client/server channel, enabling TCP
packet injection by an attacker on the same network to alter or disrupt
application traffic.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-04-17
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-17
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be
retrieved without authentication, revealing sensitive operational
imagery.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-04-17
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-17
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-17
Anviz CX2 Lite is vulnerable to an authenticated command injection via a
filename parameter that enables arbitrary command execution (e.g.,
starting telnetd), resulting in root‑level access.
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-17
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The
device unpacks and executes a script resulting in unauthenticated remote
code execution.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-04-17