|
411
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
New
|
CWE-1390
Weak Authentication
|
CVE-2026-6886
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
New
|
CWE-89
SQL Injection
|
CVE-2026-6887
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
5.7 |
MEDIUM
Physics
|
-
|
-
|
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2025-13763
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
4.7 |
MEDIUM
Network
|
-
|
-
|
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-reques…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-66286
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
7.5 |
HIGH
Network
|
-
|
-
|
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read…
New
|
CWE-22
CWE-346
Path Traversal
Origin Validation Error
|
CVE-2026-6903
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
7.3 |
HIGH
Adjacent
|
-
|
-
|
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implem…
New
|
CWE-1390
Weak Authentication
|
CVE-2025-70994
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
- |
|
-
|
-
|
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-35225
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo…
New
|
CWE-89
SQL Injection
|
CVE-2026-41460
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
8.5 |
HIGH
Network
|
-
|
-
|
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41461
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
- |
|
-
|
-
|
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.
New
|
-
|
CVE-2025-50229
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
