|
401
|
3.2 |
LOW
Local
|
-
|
-
|
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by t…
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-41988
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41989
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
4.0 |
MEDIUM
Local
|
-
|
-
|
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41990
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
5.1 |
MEDIUM
Local
|
-
|
-
|
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in thi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-10549
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
7.3 |
HIGH
Local
|
-
|
-
|
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34488
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
7.5 |
HIGH
Network
|
-
|
-
|
GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-41040
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551…
New
|
CWE-335
CWE-338
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41564
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
- |
|
-
|
-
|
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to pot…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-3259
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient sec…
New
|
CWE-94
Code Injection
|
CVE-2026-3960
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6885
|
2026-04-24 23:50 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
