|
3211
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551…
|
CWE-335
CWE-338
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41564
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3212
|
- |
|
-
|
-
|
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to pot…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-3259
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3213
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6885
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3214
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
|
CWE-1390
Weak Authentication
|
CVE-2026-6886
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3215
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
|
CWE-89
SQL Injection
|
CVE-2026-6887
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3216
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient sec…
|
CWE-94
Code Injection
|
CVE-2026-3960
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3217
|
7.5 |
HIGH
Network
|
-
|
-
|
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read…
|
CWE-22
CWE-346
Path Traversal
Origin Validation Error
|
CVE-2026-6903
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3218
|
5.7 |
MEDIUM
Physics
|
-
|
-
|
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2025-13763
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3219
|
4.7 |
MEDIUM
Network
|
-
|
-
|
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-reques…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-66286
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3220
|
7.3 |
HIGH
Adjacent
|
-
|
-
|
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implem…
|
CWE-1390
Weak Authentication
|
CVE-2025-70994
|
2026-04-24 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
