|
3031
|
5.1 |
MEDIUM
Local
|
-
|
-
|
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in thi…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-10549
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3032
|
7.3 |
HIGH
Local
|
-
|
-
|
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34488
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3033
|
7.5 |
HIGH
Network
|
-
|
-
|
GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-41040
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3034
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551…
|
CWE-335
CWE-338
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41564
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3035
|
- |
|
-
|
-
|
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to pot…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-3259
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3036
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient sec…
|
CWE-94
Code Injection
|
CVE-2026-3960
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3037
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6885
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3038
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
|
CWE-1390
Weak Authentication
|
CVE-2026-6886
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3039
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
|
CWE-89
SQL Injection
|
CVE-2026-6887
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3040
|
7.5 |
HIGH
Network
|
-
|
-
|
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read…
|
CWE-22
CWE-346
Path Traversal
Origin Validation Error
|
CVE-2026-6903
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
