|
31
|
5.1 |
MEDIUM
Physics
|
-
|
-
|
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leadi…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2025-36579
|
2026-04-17 02:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
8.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke u…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-5173
|
2026-04-17 01:44 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-416
Use After Free
|
CVE-2026-5883
|
2026-04-17 01:36 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit…
New
|
CWE-362
Race Condition
|
CVE-2026-5890
|
2026-04-17 01:35 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-33118
|
2026-04-17 01:34 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
9.8 |
CRITICAL
Network
|
mesa3d
|
mesa
|
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40393
|
2026-04-17 01:17 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
- |
|
-
|
-
|
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot…
New
|
CWE-321
CWE-502
Use of Hard-coded Cryptographic Key
Deserialization of Untrusted Data
|
CVE-2026-5426
|
2026-04-17 01:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
9.1 |
CRITICAL
Network
|
-
|
-
|
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.
New
|
CWE-89
SQL Injection
|
CVE-2026-37347
|
2026-04-17 01:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.
New
|
CWE-89
SQL Injection
|
CVE-2026-37346
|
2026-04-17 01:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
New
|
CWE-89
SQL Injection
|
CVE-2026-37345
|
2026-04-17 01:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
