|
291
|
7.5 |
HIGH
Network
|
-
|
-
|
Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` pa…
New
|
CWE-59
Link Following
|
CVE-2026-41231
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when s…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41232
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling res…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41233
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
3.2 |
LOW
Local
|
-
|
-
|
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by t…
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-41988
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41989
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
4.0 |
MEDIUM
Local
|
-
|
-
|
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41990
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
5.1 |
MEDIUM
Local
|
-
|
-
|
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in thi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-10549
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
7.3 |
HIGH
Local
|
-
|
-
|
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34488
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
7.5 |
HIGH
Network
|
-
|
-
|
GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-41040
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551…
New
|
CWE-335
CWE-338
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41564
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
