|
3981
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet fe…
|
-
|
CVE-2026-3007
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3982
|
3.2 |
LOW
Local
|
-
|
-
|
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by t…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-41988
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3983
|
7.3 |
HIGH
Local
|
-
|
-
|
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34488
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3984
|
7.5 |
HIGH
Network
|
-
|
-
|
GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-41040
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3985
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551…
|
CWE-335
CWE-338
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41564
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3986
|
- |
|
-
|
-
|
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to pot…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-3259
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3987
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6885
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3988
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
|
CWE-1390
Weak Authentication
|
CVE-2026-6886
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3989
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
|
CWE-89
SQL Injection
|
CVE-2026-6887
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3990
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient sec…
|
CWE-94
Code Injection
|
CVE-2026-3960
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
