|
371
|
7.8 |
HIGH
Local
|
-
|
-
|
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37231
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
9.8 |
CRITICAL
Network
|
-
|
-
|
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
Update
|
CWE-415
Double Free
|
CVE-2020-37239
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
9.8 |
CRITICAL
Network
|
-
|
-
|
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. …
Update
|
CWE-94
Code Injection
|
CVE-2021-47952
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
7.8 |
HIGH
Local
|
-
|
-
|
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37229
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
7.8 |
HIGH
Local
|
-
|
-
|
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37230
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
7.5 |
HIGH
Network
|
-
|
-
|
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoi…
Update
|
CWE-22
Path Traversal
|
CVE-2021-47942
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
9.8 |
CRITICAL
Network
|
-
|
-
|
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25332
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
8.2 |
HIGH
Network
|
-
|
-
|
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
New
|
CWE-89
SQL Injection
|
CVE-2018-25333
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
- |
|
-
|
-
|
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL back…
Update
|
CWE-327
CWE-347
Use of a Broken or Risky Cryptographic Algorithm
Improper Verification of Cryptographic Signature
|
CVE-2026-44699
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
9.1 |
CRITICAL
Network
|
-
|
-
|
OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates databas…
Update
|
CWE-94
Code Injection
|
CVE-2026-41258
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
