|
301
|
- |
|
-
|
-
|
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to pot…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-3259
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient sec…
New
|
CWE-94
Code Injection
|
CVE-2026-3960
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6885
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
New
|
CWE-1390
Weak Authentication
|
CVE-2026-6886
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
New
|
CWE-89
SQL Injection
|
CVE-2026-6887
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
7.5 |
HIGH
Network
|
-
|
-
|
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read…
New
|
CWE-22
CWE-346
Path Traversal
Origin Validation Error
|
CVE-2026-6903
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
5.7 |
MEDIUM
Physics
|
-
|
-
|
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2025-13763
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
4.7 |
MEDIUM
Network
|
-
|
-
|
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-reques…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-66286
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
7.3 |
HIGH
Adjacent
|
-
|
-
|
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implem…
New
|
CWE-1390
Weak Authentication
|
CVE-2025-70994
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
- |
|
-
|
-
|
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-35225
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
